building-threat-intelligence-platform

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes plaintext credentials in the Docker Compose (APP__ADMIN__PASSWORD, APP__ADMIN__TOKEN) and code that constructs Authorization headers (f"Bearer {cortex_key}") which encourages embedding secret values verbatim in configs/requests, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly configures and ingests public OSINT feeds (e.g., SKILL.md Step 2 enabling CIRCL OSINT, Botvrij.eu, abuse.ch via self.misp.fetch_feed(...) and scripts/process.py's configure_feeds using self.misp.feeds()), so the agent consumes untrusted, user-generated third-party content that is used to create indicators and drive enrichment/case actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The Docker Compose manifest pulls and runs remote container images at runtime (e.g., ghcr.io/misp/misp-docker/misp-core:latest and docker.elastic.co/elasticsearch/elasticsearch:8.12.0), which fetches and executes remote code that the skill relies on for operation.