building-soc-playbook-for-ransomware

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Findings: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The agent.py script includes a function check_id_ransomware that uploads file samples to an external third-party service (id-ransomware.malwarehunterteam.com). While this is a recognized community tool for identifying ransomware variants, uploading encrypted files to an external platform is a data privacy risk in an enterprise environment: many families encrypt only part of each file, so readable plaintext can remain, and file names and ransom notes identify the victim. Submissions should require an explicit operator decision rather than happen automatically.
  • [COMMAND_EXECUTION]: The skill provides numerous high-privilege commands and scripts for host isolation (CrowdStrike/Defender APIs), Active Directory account management (Disable-ADAccount, Reset-KrbtgtKeys), and forensic artifact collection. These operations are aligned with the skill's purpose but require strict access controls and an approval step, because the same code paths that contain an incident can lock out legitimate users or disrupt the domain if triggered on bad input.
  • [EXTERNAL_DOWNLOADS]: The skill references and interacts with several well-known and trusted cybersecurity services, including MalwareBazaar (abuse.ch) and the No More Ransom Project. These are legitimate resources used for threat intelligence enrichment.
  • [CREDENTIALS_UNSAFE]: The automation script accepts sensitive API tokens and session keys (e.g., --cs-token, --splunk-key) as command-line arguments. Arguments are visible to every local user through process listings (ps, /proc/<pid>/cmdline) and are recorded in shell history and process-audit logs, so the credentials can be exposed long after the run. Secrets should instead come from a file with restrictive permissions or from the environment. Additionally, the script allows bypassing TLS verification for Splunk connections via the SKIP_TLS_VERIFY environment variable, which would let an attacker on the network path intercept the Splunk session (Man-in-the-Middle) in production; the safer option for self-signed deployments is to supply a pinned CA bundle rather than to disable verification.
  • [PROMPT_INJECTION]: The skill ingests data from external web responses (e.g., from nomoreransom.org or malwarehunterteam.com). These untrusted outputs create a surface for indirect prompt injection if the agent passes fetched page content into the model as instructions rather than as data; responses should be parsed into structured fields and never inserted verbatim into the prompt.
  • [SAFE]: There is a discrepancy in the metadata where the SKILL.md lists the author as 'mahipal' while the LICENSE file specifies 'mukul975'. This is a minor inconsistency but does not pose a direct security threat.
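The following is an added example, not code from the audited skill or from agent.py, showing how the CREDENTIALS_UNSAFE and DATA_EXFILTRATION findings above can be fixed at the command-line layer: secrets are refused on argv and read from a 0600 file or the environment, TLS verification for Splunk cannot be turned off (only a CA bundle can be pinned), and a suspected encrypted file is described by hash and metadata unless the operator explicitly allows an upload. The flag names --cs-token-file, --splunk-key-file, --splunk-ca-bundle and --allow-external-upload, the environment variables CS_TOKEN and SPLUNK_KEY, and all inputs in demo() are assumptions for the example.

```python
"""Hardened CLI front-end for a ransomware-response helper (added example).

Assumed, not from the audited skill: the flags --cs-token-file,
--splunk-key-file, --splunk-ca-bundle and --allow-external-upload, and the
env vars CS_TOKEN / SPLUNK_KEY, replace the flagged --cs-token / --splunk-key
/ SKIP_TLS_VERIFY pattern.
"""
import argparse
import hashlib
import os
import tempfile
from pathlib import Path

# Flags the audit flagged: secrets given here show up in `ps`, /proc/<pid>/cmdline
# and shell history, so the hardened script refuses them outright.
SECRET_FLAGS = ("--cs-token", "--splunk-key")


def reject_secrets_in_argv(argv):
    """Fail closed if a secret-bearing flag appears on the command line."""
    for arg in argv:
        for flag in SECRET_FLAGS:
            if arg == flag or arg.startswith(flag + "="):
                raise SystemExit(f"{flag} is not accepted on the command line; "
                                 f"use {flag[2:].upper().replace('-', '_')} or {flag}-file")


def read_secret(env_name, file_path, env):
    """Load a secret from a file (preferred) or an environment variable.

    A file can be locked down to mode 0600; an env var is still readable by the
    same user via /proc/<pid>/environ but never lands in argv or history.
    """
    if file_path is not None:
        p = Path(file_path)
        if os.name == "posix" and p.stat().st_mode & 0o077:
            raise PermissionError(f"{p} is group/world readable; chmod 600 it")
        return p.read_text().strip()
    value = env.get(env_name)
    if not value:
        raise KeyError(f"set {env_name} or pass --{env_name.lower().replace('_', '-')}-file")
    return value


def tls_verify(ca_bundle=None):
    """Value for requests' verify=: a pinned CA bundle path, else True. Never False."""
    if ca_bundle is None:
        return True
    p = Path(ca_bundle)
    if not p.is_file():
        raise FileNotFoundError(f"CA bundle {p} not found")
    return str(p)


def sample_descriptor(path, allow_external_upload=False):
    """Triage data for a suspected encrypted file that can be shared without the bytes."""
    p = Path(path)
    data = p.read_bytes()
    return {
        "name": p.name,
        "extension": p.suffix,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        # The raw bytes leave the host only on an explicit per-run decision.
        "upload_permitted": bool(allow_external_upload),
    }


def build_parser():
    # allow_abbrev=False: otherwise argparse would silently accept the banned
    # --cs-token as an abbreviation of --cs-token-file.
    ap = argparse.ArgumentParser(prog="agent", allow_abbrev=False)
    ap.add_argument("--cs-token-file", help="file with the CrowdStrike token (mode 0600); else $CS_TOKEN")
    ap.add_argument("--splunk-key-file", help="file with the Splunk token (mode 0600); else $SPLUNK_KEY")
    ap.add_argument("--splunk-ca-bundle", help="PEM bundle to pin the Splunk CA; verification cannot be disabled")
    ap.add_argument("--allow-external-upload", action="store_true",
                    help="explicit operator approval to send sample bytes to an external service")
    ap.add_argument("sample", nargs="?", help="suspected encrypted file to describe")
    return ap


def configure(argv, env):
    """Resolve secrets and TLS settings for a run; never reads secrets from argv."""
    reject_secrets_in_argv(argv)
    args = build_parser().parse_args(argv)
    cfg = {
        "cs_token": read_secret("CS_TOKEN", args.cs_token_file, env),
        "splunk_key": read_secret("SPLUNK_KEY", args.splunk_key_file, env),
        "splunk_verify": tls_verify(args.splunk_ca_bundle),
    }
    if args.sample:
        cfg["sample"] = sample_descriptor(args.sample, args.allow_external_upload)
    return cfg


def demo():
    """Run the hardened flow on constructed inputs; returns the resulting config."""
    with tempfile.TemporaryDirectory() as d:
        token_file = Path(d) / "cs.token"
        token_file.write_text("cs-token-constructed\n")
        token_file.chmod(0o600)
        sample = Path(d) / "invoice.pdf.locked"
        sample.write_bytes(b"hello")  # constructed stand-in for ciphertext
        argv = ["--cs-token-file", str(token_file), str(sample)]
        env = {"SPLUNK_KEY": "splunk-key-constructed"}  # constructed, not a real key
        return configure(argv, env)


if __name__ == "__main__":
    print(demo())
    try:
        configure(["--cs-token=leaked"], {})
    except SystemExit as e:
        print("rejected:", e)
```

Note the allow_abbrev=False in build_parser(): with argparse's default prefix matching, a user typing the old --cs-token VALUE would have it silently accepted as --cs-token-file, and the secret would be back on the command line; the explicit rejection in reject_secrets_in_argv() runs before parsing for the same reason.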
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM