processing-stix-taxii-feeds

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt's example code and instructions show credentials passed directly (e.g., user="apiuser", password="apikey") to the TAXII client and requires "valid credentials" for network access, which encourages embedding secret values verbatim in generated code or commands and thus creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches STIX bundles from external TAXII servers (see SKILL.md Step 2 "Fetch STIX Bundles with Pagination" and scripts/agent.py fetch_collection using taxii2client.as_pages), parses those third-party bundles, and uses their contents to drive routing and automated actions (routing to SIEMs/SOAR, triggering playbooks), so untrusted external feed content could materially influence agent behavior.