implementing-epss-score-for-vulnerability-prioritization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches public, untrusted data from third-party endpoints (e.g., https://api.first.org/data/v1/epss, https://epss.cyentia.com/epss_scores-current.csv.gz, and the CISA KEV feed at https://www.cisa.gov/.../known_exploited_vulnerabilities.json) and directly uses those results to enrich scans and drive prioritization/automation, meaning external content can materially influence agent decisions and actions.