implementing-threat-intelligence-lifecycle-management

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Collection Pipeline explicitly fetches and ingests open/public third‑party content (e.g., collect_cisa_kev from https://www.cisa.gov/..., collect_otx_pulses from https://otx.alienvault.com, and collect_abuse_ch posting to https://mb-api.abuse.ch/), which are untrusted/user-contributed sources and are then processed and used to drive analysis and dissemination decisions—allowing external content to materially influence agent behavior.