analyzing-ransomware-leak-site-intelligence

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill fetches ransomware victim data and group profiles from public threat intelligence sources, including the Ransomwatch repository on GitHub, the ransomware.live API, and the ransomlook.io API. These are established resources in the cybersecurity community for monitoring threat actor activity.
  • [COMMAND_EXECUTION]: No arbitrary or dangerous command execution patterns were found. The provided Python scripts use standard libraries for data processing and report generation.
  • [DATA_EXFILTRATION]: No access to sensitive local files or unauthorized network transmissions were detected. Network activity is confined to the documented intelligence APIs.
  • [PROMPT_INJECTION]: The skill contains an ingestion surface for indirect prompt injection as it processes external victim data from third-party APIs.
    • Ingestion points: Victim names, sectors, and industry information are ingested from the Ransomwatch and ransomware.live APIs in SKILL.md and scripts/agent.py.
    • Boundary markers: Data is interpolated into markdown reports without explicit boundary markers or instructions to ignore embedded content.
    • Capability inventory: The skill can write files (ransomware_intel_report.md) and print analysis to the terminal.
    • Sanitization: External data is processed as structured JSON but is not sanitized for natural language instructions before report generation.
    • Assessment: This is a standard characteristic of intelligence monitoring tools and represents a minimal risk surface given the current functionality.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys, secrets, or sensitive credentials were identified in the codebase.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 12:02 PM