skills/mukul975/anthropic-cybersecurity-skills/building-threat-intelligence-enrichment-in-splunk/Snyk
building-threat-intelligence-enrichment-in-splunk
Warn
Audited by Snyk on Apr 7, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's SKILL.md and included scripts (bin/threatfeed_otx.py, scripts/agent.py, scripts/process.py) explicitly fetch and ingest public third‑party threat feeds (e.g., AlienVault OTX, AbuseIPDB, VirusTotal/TAXII URLs) and then normalize those untrusted, user-sourced IOCs into KV store lookups that the correlation searches and severity/urgency logic use to drive alerts and actions, so external content can materially influence agent decisions.
Issues (1)
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).