triaging-security-incident-with-ir-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's workflow and code (SKILL.md Step 2 and scripts/process.py's IOCEnricher) explicitly query public threat-intel services like VirusTotal, AbuseIPDB, URLScan, etc., ingesting their JSON/strings and using those results to compute threat scores, severity, playbook selection, and automated actions—meaning untrusted, user-contributed third‑party content can materially influence decisions.