detecting-ransomware-precursors-in-network

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly downloads and ingests public threat‑intelligence feeds (see SKILL.md Step 4 and references/api-reference.md which use curl to fetch abuse.ch, URLhaus, ThreatFox, and CISA feeds) and then uses those untrusted external IOCs to look up destinations and drive alerting/blocking decisions, so third‑party content can materially influence agent behavior.