Skills
skills/mukul975/anthropic-cybersecurity-skills/building-threat-actor-profile-from-osint/Snyk

building-threat-actor-profile-from-osint

Fail

Audited by Snyk on Mar 15, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The skill's example code embeds API keys directly into HTTP headers and a query string (e.g., X-OTX-API-KEY, x-apikey, ?key=...), which requires including secret values verbatim in generated requests/commands and therefore poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, untrusted OSINT (e.g., fetch_mitre_attack_data downloads the MITRE ATT&CK bundle from https://raw.githubusercontent.com and search_alienvault_otx queries AlienVault OTX as shown in scripts/agent.py and SKILL.md) and then reads and uses that content to build profiles and drive decisions, so third-party content could materially influence agent behavior and enable indirect prompt injection.

Issues (2)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level
HIGH
Analyzed
Mar 15, 2026, 01:21 PM
Issues
2