analyzing-malware-family-relationships-with-malpedia

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The sample code requires an API key parameter that is interpolated directly into Authorization headers (MalpediaClient("YOUR_MALPEDIA_API_KEY") -> {"Authorization": f"apitoken {api_key}"}), which means an LLM following the skill would need to accept and embed the secret verbatim into requests or generated code.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md and scripts/agent.py explicitly call the public Malpedia API (https://malpedia.caad.fkie.fraunhofer.de/api) to ingest community- and vendor-contributed family descriptions, YARA rules, attributions and reference URLs, and the agent parses and acts on that data to map relationships and compile detection rules, so untrusted third-party content can materially influence its behavior.