sysdig-runtime-investigate

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly fetches and ingests public third‑party CTI and network lookups (see SKILL.md "External CTI ... via WebFetch" for NVD/CISA/Exploit‑DB/GHSA and references/enrichment-network.md which calls ipinfo.io/ip‑api), and those external responses are parsed and used to score/correlate findings and influence investigation decisions, exposing the agent to untrusted third‑party content that could carry indirect prompt‑injection-like input.