extracting-iocs-from-malware-samples

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes code that assigns and uses a literal VirusTotal API key (VT_API_KEY = "your_api_key") and demonstrates embedding that key into request headers, which encourages providing secret values verbatim in generated code/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries public VirusTotal endpoints as part of its required workflow (see SKILL.md Step 5 "Validate IOCs against VirusTotal" and scripts/agent.py validate_ioc_virustotal / check_vt_ip), ingesting third‑party VirusTotal responses which are untrusted community-backed data and are used to label/drive blocking and export decisions.