performing-threat-intelligence-sharing-with-misp

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill provides a legitimate agent for managing threat intelligence on MISP instances. All identified operations are consistent with the stated purpose.
  • [EXTERNAL_DOWNLOADS]: The skill references the installation of pymisp. This is the well-known, official library for MISP integration and is considered a trusted dependency.
  • [CREDENTIALS_UNSAFE]: The agent script and API reference demonstrate secure handling of API keys by accepting them as command-line arguments rather than hardcoding sensitive credentials in the source code.
  • [COMMAND_EXECUTION]: The provided Python script (scripts/agent.py) is a legitimate CLI tool. It uses safe file handling methods via the pathlib and json modules and does not invoke shell commands with unvalidated input.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration patterns were found. Network operations are limited to the official PyMISP library communicating with a user-specified MISP instance URL.
  • [SAFE]: The skill possesses an indirect prompt injection surface because it processes untrusted JSON data. Ingestion points: scripts/agent.py (via --input). Boundary markers: None. Capability inventory: Network write operations to MISP and file system writes via --output. Sanitization: The script performs validation on attribute types and values (e.g., checking IP formats and hash lengths), which mitigates basic malformed data issues.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 01:01 PM