building-adversary-infrastructure-tracking-system

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses data from public, untrusted third-party sources—e.g., SKILL.md and scripts/agent.py call SecurityTrails (passive DNS, reverse IP, WHOIS), crt.sh (certificate transparency), URLhaus, and ThreatFox APIs—and the code (passive_dns_lookup, pivot_from_seed, check_new_registrations, query_crtsh, build_infrastructure_map) uses those responses to pivot, discover new domains, and drive further look-up and alerting, so external content can materially influence agent decisions and follow-up actions.