analyzing-windows-amcache-artifacts

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Yes — SKILL.md Step 4 explicitly instructs extracting SHA‑1 hashes and querying public third‑party services (VirusTotal via vt‑cli and CIRCL hashlookup at https://hashlookup.circl.lu/lookup/sha1/), which the agent would ingest and use to influence its triage/classification decisions.