building-threat-intelligence-platform

Pass

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: SAFE
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The Docker Compose configuration in SKILL.md contains hardcoded default credentials, including APP__ADMIN__PASSWORD=TIPAdminPassword and APP__ADMIN__TOKEN=tip-opencti-token-uuid. While presented as examples, these represent insecure defaults that must be changed before deployment.
  • [COMMAND_EXECUTION]: The skill provides Python scripts scripts/process.py and scripts/agent.py that execute network operations to interface with security platform APIs. These scripts rely on user-supplied URLs and API keys provided via command-line arguments.
  • [DATA_EXFILTRATION]: In scripts/process.py, the PyMISP client is initialized with ssl=False, which disables SSL certificate verification for network requests. This allows for communication with internal servers but significantly increases the risk of man-in-the-middle attacks that could expose API keys.
  • [PROMPT_INJECTION]: The skill implements an end-to-end intelligence pipeline that ingests data from external OSINT feeds, creating a surface for indirect prompt injection if an attacker-controlled feed provides malicious content designed to influence agent logic.
    • Ingestion points: External intelligence feeds are fetched via MISP and OpenCTI in scripts/process.py and SKILL.md.
    • Boundary markers: The scripts do not use delimiters or specific instructions that would let the agent distinguish platform logic from potentially adversarial feed content.
    • Capability inventory: The skill allows network requests (requests), filesystem writes (json.dump), and API access to the integrated threat intelligence platforms.
    • Sanitization: Data validation is limited to basic regex classification of indicator types in scripts/agent.py, with no semantic analysis or sanitization of indicator content.
  • [SAFE]: The skill uses official Docker images from well-known providers and references standard open-source Python libraries (pymisp, pycti, requests).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 9, 2026, 10:25 AM