automating-ioc-enrichment
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill depends on the standard Python packages requests and stix2 to perform network operations and manage security data structures.
- [COMMAND_EXECUTION]: The scripts/agent.py script is a utility that processes security indicators provided by the user.
- [DATA_EXFILTRATION]: The skill performs network requests to established threat intelligence platforms (VirusTotal and AbuseIPDB) to retrieve context on indicators, which is the stated purpose of the skill.
- [PROMPT_INJECTION]: The skill ingests untrusted data in the form of security indicators.
  1. Ingestion points: IOCs are provided via command-line arguments and file inputs in scripts/agent.py.
  2. Boundary markers: Indicator types are classified and validated using regular expressions.
  3. Capability inventory: The skill performs network GET requests to well-known services and writes results to JSON and STIX files.
  4. Sanitization: Input data is strictly matched against expected patterns for IP addresses, hashes, and domains.
Audit Metadata