correlating-threat-campaigns

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious code, persistence mechanisms, or unauthorized network operations were detected. The skill is designed for threat intelligence analysis and operates within its stated scope.
  • [SAFE]: The included utility script scripts/agent.py defaults to disabling SSL certificate verification for the MISP API connection. While this is a weak security configuration, it is documented as an optional parameter and does not indicate malicious intent.
  • [PROMPT_INJECTION]: The skill exhibits a potential surface for indirect prompt injection due to its processing of external threat intelligence data.
    • Ingestion points: External event data and indicators are retrieved from a MISP instance via the REST API in scripts/agent.py.
    • Boundary markers: The script output does not include explicit boundary markers or instructions to disregard embedded prompts within the intelligence data.
    • Capability inventory: The skill is capable of performing authenticated network requests to a user-provided MISP URL.
    • Sanitization: While the script correctly handles JSON data structures, it does not sanitize the contents of specific indicator or event fields (e.g., tags, info, or attribute values) which could theoretically contain malicious instructions meant to influence the agent's behavior.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:46 PM