building-attack-pattern-library-from-cti-reports

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references the official MITRE CTI repository on GitHub to retrieve standard Enterprise Attack data. This is a routine operation for threat intelligence tools to stay updated with the latest adversary technique definitions.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted external Cyber Threat Intelligence (CTI) reports, which theoretically could contain malicious instructions.
    • Ingestion points: scripts/agent.py ingests report files from paths provided via command-line arguments; the parser logic in SKILL.md processes arbitrary text blocks.
    • Boundary markers: Absent. The reports are processed as continuous text without specific delimiters separating untrusted content from the extraction logic.
    • Capability inventory: The skill is limited to file system read operations for ingestion and file system write operations for exporting JSON-formatted libraries and detection templates. It does not perform network exfiltration or execute shell commands based on the report content.
    • Sanitization: The skill employs strict regex-based pattern matching (e.g., for IPv4, SHA-256, and Technique IDs) to extract only specific technical entities, which naturally filters out non-conforming content such as embedded natural language instructions.
  • [COMMAND_EXECUTION]: The skill includes a standalone script scripts/agent.py that utilizes standard Python libraries for processing. It does not contain any functions that spawn subprocesses or execute arbitrary shell commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 12:27 PM