evaluating-threat-intelligence-platforms

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill clearly fetches and parses data from external TIP instances and feeds at runtime (e.g., scripts/agent.py's test_misp_api and test_opencti_api call user-supplied MISP/OPENCTI URLs, and SKILL.md plus references/api-reference.md describe TAXII/feed onboarding and feed ingestion tests), meaning untrusted/user-generated third‑party content can be ingested and materially influence evaluation decisions.