skills/mukul975/anthropic-cybersecurity-skills/building-threat-feed-aggregation-with-misp/Gen Agent Trust Hub
building-threat-feed-aggregation-with-misp
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill configures and fetches threat intelligence data from well-known and reputable cybersecurity providers including abuse.ch (URLhaus, Feodo Tracker, SSL Blacklist), CIRCL, and Botvrij.eu.\n- [DATA_EXFILTRATION]: Code snippets in
SKILL.mdand thescripts/agent.pyscript utilizeverify=Falseinrequestscalls. This disables SSL certificate verification, which could allow a man-in-the-middle (MITM) attacker to intercept sensitive data, such as the MISP API key or Splunk HEC token.\n- [PROMPT_INJECTION]: The skill processes untrusted external data, creating a surface for indirect prompt injection.\n - Ingestion points: Remote threat intelligence feeds in CSV, JSON, and MISP formats as defined in
SKILL.mdandscripts/agent.py.\n - Boundary markers: Absent; external data is integrated into the agent's context without delimiters or explicit instructions to ignore embedded commands.\n
- Capability inventory: Network operations via the
requestslibrary and local file creation/writing inscripts/agent.py.\n - Sanitization: No input sanitization or validation of the content within threat feeds is performed before processing or generating reports.
Audit Metadata