patch-prioritization

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to retrieve and enrich findings from public third-party sources—e.g., the EPSS API (https://api.first.org/data/v1/epss?cve=[CVE-ID]), the CISA KEV machine-readable feed, and vendor advisories ("URLs as applicable")—and to interpret those sources as inputs that influence SLA/tiering decisions, so it clearly ingests untrusted public content that could carry indirect prompt-injection instructions.