devguard
Improve Risk Assessment for First-Party Vulnerabilities
First-party vulnerabilities do not have a raw risk assessment, resulting in a default value of 0. This leads to the automatic assignment of low-severity labels, which may not accurately reflect the actual risk. We should consider skipping severity labels for first-party vulnerabilities unless a proper risk assessment is available.