building-threat-feed-aggregation-with-misp

Fail

Audited by Snyk on Apr 7, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 0.90). The prompt includes plaintext credentials in the docker-compose example (MYSQL_ROOT_PASSWORD, MISP_ADMIN_PASSPHRASE, etc.), a hardcoded API key placeholder in the PyMISP example, and code that embeds tokens in Authorization headers—patterns that instruct embedding secrets verbatim into configs/code and thus create exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly configures and fetches public OSINT feeds (e.g., abuse.ch, CIRCL, MalwareBazaar) in SKILL.md Step 2 and in scripts/agent.py (add_custom_feed, fetch_all_feeds, feeds/cacheFeeds endpoints), ingests and processes those untrusted third‑party feed contents for searches, correlation, and automated exports (blocklists/SIEM), so external content can materially influence agent actions.

Audit Metadata

Risk Level: HIGH
Analyzed: Apr 7, 2026, 11:59 PM
Issues: 2