analyzing-threat-actor-ttps-with-mitre-attack

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill programmatically fetches and ingests public MITRE ATT&CK/STIX data (e.g., ATTACK_ENTERPRISE_URL https://raw.githubusercontent.com/mitre/cti/master/enterprise-attack/enterprise-attack.json in scripts/agent.py and TAXII queries via attackcti in SKILL.md and scripts/process.py), and that external content is parsed and directly drives mapping, gap analysis, and generated outputs — meaning third-party data can materially influence agent decisions.