mitre-attack-framework

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill's primary function is to provide educational references and local analysis tools for the MITRE ATT&CK framework. All external links target official repositories and websites maintained by MITRE (mitre.org), which are recognized as well-known and trusted services.
  • [COMMAND_EXECUTION]: The included coverage_analyzer.py script performs local file system operations to read detection rules and write analysis reports. These actions are restricted to paths provided by the user and are consistent with the tool's intended purpose as an analyzer.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface as it processes external files (Sigma rules).
      1. Ingestion points: coverage_analyzer.py reads YAML/Sigma files from a user-specified directory.
      2. Boundary markers: Absent.
      3. Capability inventory: The skill performs file read/write operations via the pathlib module.
      4. Sanitization: Absent, as the script uses regular expressions to extract specific metadata fields rather than executing or sanitizing the full content of the rule files.
    This surface is inherent to the skill's functionality as a security scanner and is handled through non-executable regex parsing.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 9, 2026, 03:04 PM