collecting-threat-intelligence-with-misp

Fail

Audited by Gen Agent Trust Hub on Apr 8, 2026

Risk Level: CRITICAL
PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of processing untrusted data from external threat intelligence sources.
      ◦ Ingestion points: Data enters the agent's context through misp.search() and misp.feeds() calls in scripts/agent.py and scripts/process.py which retrieve event descriptions and attributes from remote MISP servers and community feeds.
      ◦ Boundary markers: The instructions do not define clear delimiters or provide the agent with warnings to ignore potential instructions embedded within the retrieved intelligence data.
      ◦ Capability inventory: The skill can perform file system writes (export_csv and export_stix2 functions in scripts/process.py) and output processed data to the terminal.
      ◦ Sanitization: While the scripts use structured output formats like CSV and JSON, there is no evidence of content filtering or sanitization of the natural language fields (such as event info or comments) that might contain malicious instructions.
  • [EXTERNAL_DOWNLOADS]: The skill references several external threat intelligence feeds and repositories.
      ◦ Official MISP Docker repository: https://github.com/MISP/misp-docker.git (Well-known project source).
      ◦ Community feeds: Fetches data from established providers including CIRCL OSINT (circl.lu), botvrij.eu, and URLhaus (urlhaus.abuse.ch). These are recognized industry-standard sources for threat intelligence and are treated as safe in this context.
  • [MALICIOUS_URL_DETECTION]: The file assets/template.md contains the domain malicious-domain.com. While automated scanners flagged this as associated with botnet activity, its placement within a 'Notable Campaigns' section of a threat intelligence report template indicates it is intended as a non-functional placeholder for illustrative purposes.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Apr 8, 2026, 12:00 AM