building-attack-pattern-library-from-cti-reports

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill explicitly ingests public CTI reports as input (see SKILL.md "Step 1: Parse CTI Reports" and scripts/agent.py which opens report files) and also loads ATT&CK STIX data via the attackcti client / raw GitHub URL (references/api-reference.md), so it consumes open third‑party content that the agent reads and uses to drive mapping and generate detection artifacts.