building-ioc-defanging-and-sharing-pipeline

Pass

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: SAFE
Categories flagged: EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [SAFE]: The skill provides legitimate cybersecurity functionality for automating the management of Indicators of Compromise (IOCs).
  • [EXTERNAL_DOWNLOADS]: References standard Python libraries for security operations, including stix2, taxii2client, and ioc-fanger.
  • [DATA_EXFILTRATION]: Performs network requests to well-known threat intelligence platforms (VirusTotal and AbuseIPDB) for enrichment. This behavior is consistent with the skill's primary objective and utilizes trusted external services.
  • [SAFE]: Demonstrates secure credential handling by utilizing environment variables and command-line arguments for API keys rather than embedding secrets in the code.
  • [DATA_EXFILTRATION]: A code example for MISP distribution in the documentation explicitly disables SSL certificate verification (verify=False), which exposes the connection to man-in-the-middle attacks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes untrusted data from arbitrary text sources.
      • Ingestion points: Processes free-form text via the extract_from_text method in SKILL.md and file inputs in scripts/agent.py.
      • Boundary markers: None identified to separate instructions from untrusted data.
      • Capability inventory: Includes the ability to perform network POST/GET requests and write output files.
      • Sanitization: Employs regex-based extraction, domain whitelisting, and defanging techniques (e.g., replacing http with hxxp).
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 16, 2026, 07:56 AM