ir-playbook

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow (Step 2.3 "Indicator Analysis Record") explicitly directs the agent to perform "TI Enrichment" using public threat‑intelligence services (VirusTotal, AbuseIPDB, Shodan, MISP), which are open third‑party / user‑submitted sources the agent would read and whose findings can materially influence containment and next‑action decisions.