collecting-threat-intelligence-with-misp

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes examples that embed API keys and passphrases directly in code (e.g., PyMISP('https://misp.local', 'YOUR_API_KEY') and instructs editing .env for MISP_ADMIN_PASSPHRASE), which encourages the LLM to accept and output secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly fetches and ingests public, community and user-contributed feeds (e.g., CIRCL OSINT, botvrij.eu, abuse.ch/URLhaus, PhishTank and TAXII servers) as shown in SKILL.md Step 3, references/workflows.md (Automated Feed Collection, TAXII Feed Integration), and scripts/process.py (enable_default_feeds, add_custom_feed, fetch_feed, collect_recent_iocs), and those untrusted feed contents are parsed and used to drive actions (event creation, correlation, exports and IDS rule generation), so external content can materially influence agent behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). Step 1 instructs cloning and running the remote repository (git clone https://github.com/MISP/misp-docker.git followed by docker compose up -d), which fetches and executes remote code as a required setup/runtime dependency, so it presents a clear execution risk.