correlating-threat-campaigns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's runtime agent (scripts/agent.py) explicitly fetches and ingests events/attributes from a MISP instance (and SKILL.md Step 1 also lists ISAC/MISP/TAXII and commercial intelligence) and then directly reads tags, attribute values, and event "info" to calculate correlation confidence and produce blocking/detection outputs, meaning untrusted, partner- or user-submitted third‑party content is consumed and can materially influence decisions.