skills/mukul975/anthropic-cybersecurity-skills/analyzing-indicators-of-compromise/Gen Agent Trust Hub
analyzing-indicators-of-compromise
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: CRITICAL
Full Analysis
- [SAFE]: The skill is a well-documented tool for security analysts to perform IOC enrichment. The URL http://malicious-site.com/payload.exe is a non-functional sample provided in the demo_iocs list within scripts/agent.py to test classification and defanging logic.
- [EXTERNAL_DOWNLOADS]: The skill interacts with reputable third-party security APIs (VirusTotal, AbuseIPDB, MalwareBazaar) to fetch threat intelligence data. These interactions are legitimate for the skill's purpose and use official endpoints via the requests library.
- [DATA_EXFILTRATION]: No sensitive data access or exfiltration was detected. The code correctly utilizes environment variables for API credentials instead of hardcoding them.
- [PROMPT_INJECTION]: No malicious prompt injection or behavior override patterns were found in the skill metadata or instructions. The skill processes untrusted IOC data but implements safety mechanisms to mitigate indirect prompt injection risks. Ingestion points: IOC strings in scripts/agent.py. Boundary markers: instructions in SKILL.md to defang IOCs. Capability inventory: outgoing HTTP requests to security APIs. Sanitization: defang_ioc function in scripts/agent.py.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata