skills/mukul975/anthropic-cybersecurity-skills/building-threat-feed-aggregation-with-misp/Gen Agent Trust Hub
building-threat-feed-aggregation-with-misp
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process external threat intelligence data from MISP feeds, establishing an indirect prompt injection surface.\n
- Ingestion points: External data enters the context via API requests in
scripts/agent.pyandSKILL.md(e.g.,misp.searchandmisp_request).\n - Boundary markers: The processing logic lacks explicit boundary markers or instructions to the agent to ignore potentially malicious embedded content within the ingested indicators.\n
- Capability inventory: The skill can perform network operations via the
requestslibrary to user-defined MISP and Splunk instances and write output to local files likeblocklist_ips.txt.\n - Sanitization: While the skill uses standard JSON serialization for data handling, it does not implement specific validation or sanitization for the content of the threat indicators processed.\n- [SAFE]: The skill allows for the optional bypass of SSL certificate verification using the
SKIP_TLS_VERIFYenvironment variable, which is a common but sensitive configuration for laboratory or self-signed environments.\n- [SAFE]: Credentials and API keys are handled using placeholders or environment variables, avoiding hardcoded secrets.
Audit Metadata