The Agent Skills Directory

[EXTERNAL_DOWNLOADS]: The skill documentation (SKILL.md) references a URL (http://malicious-site.com/payload) that has been flagged as malicious by automated security scanners. Although presented as a placeholder for malware analysis samples, its presence in the instructions represents a reference to known malicious infrastructure.\n- [DATA_EXFILTRATION]: The provided script scripts/agent.py possesses capabilities to read from the local filesystem (specifically /opt/cuckoo/storage/) and send data to a network API. This functionality could be misused to access or exfiltrate sensitive host files if the agent is directed to process paths outside the intended scope.\n- [COMMAND_EXECUTION]: The workflow involves various shell commands for Cuckoo and Volatility. These commands interact directly with the underlying system and lack validation or sanitization within the skill context, providing a potential surface for unauthorized system operations.\n- [PROMPT_INJECTION]: The skill processes untrusted JSON behavioral reports generated from malware execution, creating an indirect prompt injection surface. (1) Ingestion points: The report.json file loaded in scripts/agent.py. (2) Boundary markers: No delimiters or isolation warnings are used to separate the untrusted report data from agent instructions. (3) Capability inventory: The script and associated commands have filesystem read access and network request permissions. (4) Sanitization: No sanitization is applied to the data extracted from the reports before it is parsed and presented to the agent.

analyzing-malware-behavior-with-cuckoo-sandbox