analyzing-malware-family-relationships-with-malpedia

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed for threat intelligence research and interacts exclusively with the official Malpedia API maintained by Fraunhofer FKIE, a reputable security research organization.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill requires a Malpedia API key for operation. The provided script agent.py correctly handles this by accepting the key as a command-line argument rather than hardcoding it. No unauthorized data exfiltration or sensitive local file access patterns were found.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external API responses. While this theoretically presents an indirect injection surface, the risk is mitigated by the use of a well-known, trusted security research service and the lack of complex prompt interpolation that would allow for agent takeover. The skill primarily serves as a data retrieval and formatting tool.
  • [UNVERIFIABLE_DEPENDENCIES_AND_REMOTE_CODE_EXECUTION]: The skill utilizes standard, well-known Python libraries including requests, yara-python, and stix2. No suspicious remote script execution or unverifiable package installations are present.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 03:55 PM