detecting-command-and-control-over-dns

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow and scripts explicitly instruct ingesting public third-party data (e.g., "Passive DNS database access (CIRCL pDNS, Farsight DNSDB)" in SKILL.md and "Collect training data: Tranco/Alexa top 1M, DGArchive or OSINT feeds" in the scenarios, plus agent training mode that loads --legit-domains/--dga-domains) and uses that untrusted content to drive decisions (alerts, RPZ blocking, isolation), so it clearly consumes and acts on untrusted external content.