building-automated-malware-submission-pipeline

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly queries public, user-contributed threat feeds (VirusTotal via https://www.virustotal.com/api/v3/files/{sha256} and MalwareBazaar via https://mb-api.abuse.ch/api/v1/) and ingests those JSON responses and sandbox reports as part of its required workflow to compute verdicts and trigger follow-up actions (SIEM push, firewall blocks), so untrusted third‑party content can materially influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill instructs the agent to collect and write malware samples into a system path (/opt/malware_quarantine) that typically requires elevated privileges and to push actionable changes to external infra (firewall blocks, SIEM), so it directs modifications to host and network state that could compromise the machine if misused.