containment

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required Prompt Injection Safety Notice explicitly states it "processes incident data including attacker-controlled indicators (IP addresses, domain names, command-and-control URLs, malware command strings)," meaning the agent ingests untrusted, attacker-sourced third-party content as part of the workflow and will read/interpret those indicators to drive containment decisions.