collecting-threat-intelligence-with-misp

Fail

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: CRITICAL | EXTERNAL_DOWNLOADS | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. It is designed to ingest and process indicators of compromise (IOCs) from external threat feeds (e.g., URLhaus, CIRCL OSINT). Attackers can inject instructions into attribute comments or metadata within these feeds to manipulate the agent's reasoning or actions.
      • Ingestion points: scripts/process.py and scripts/agent.py fetch data from remote MISP instances and feeds.
      • Boundary markers: No delimiters or instructions are used to distinguish untrusted external data from the agent's core instructions.
      • Capability inventory: The skill can write to the file system (CSV/JSON/STIX export) and perform network communications.
      • Sanitization: There is no evidence of filtering or escaping content fetched from external intelligence sources.
  • [PROMPT_INJECTION]: Metadata poisoning detected. The author is listed as 'mahipal' in SKILL.md, while the LICENSE file attributes copyright to 'mukul975'. This inconsistency in attribution can be used to hide the true source or intent of the skill.
  • [EXTERNAL_DOWNLOADS]: The file assets/template.md includes the domain malicious-domain.com. Although intended as a placeholder, this domain is categorized as malicious (Botnet-related) by automated security scanners and presents a risk if resolved or used in automated workflows.
  • [COMMAND_EXECUTION]: The skill instructs the user to execute shell commands for deployment and package management, including git clone, docker compose, and pip install. While standard for the task, these operations require caution as they interact with external repositories.
  • [SAFE]: The skill references and uses official resources from the MISP Project, a well-known and trusted open-source threat intelligence community.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Mar 15, 2026, 01:52 PM