implementing-threat-intelligence-platform

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly shows embedding the MISP API key in CLI arguments and code examples (e.g., --misp-key <api_key> and PyMISP("https://misp.local", "api_key")), which requires the agent to accept and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and ingests public feed data (e.g., URLhaus and Feodo Tracker) as shown in SKILL.md step 4 and in scripts/agent.py (ingest_urlhaus_feed and ingest_feodotracker_feed), and that untrusted third-party content is parsed and added to MISP events where it can influence subsequent actions.