implementing-pci-dss-compliance-controls

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill includes executable code that connects to arbitrary external hosts and APIs (e.g., scripts/agent.py uses --tls-host and --segment-target to perform TLS handshakes and port probes, and references/api-reference.md shows requests.get to identity_provider_url and siem_url), parses those remote responses, and uses the results to generate findings and drive compliance decisions—so untrusted third‑party content can materially influence behavior.