implementing-stix-taxii-feed-integration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly connects to and polls public TAXII/STIX feeds (e.g., https://cti-taxii.mitre.org/taxii2/ and mentions AlienVault OTX/Anomali STAXX) as shown in SKILL.md and scripts (scripts/agent.py and scripts/process.py), ingests and parses those third-party STIX bundles, and uses the extracted indicators to drive ingestion/decisions — meeting the criteria for consuming untrusted external content that can influence agent actions.