designing-adversary-engagement-with-mitre-engage

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a planning framework for cybersecurity deception operations. It uses standard markdown documentation and a Python script for data processing.
  • [COMMAND_EXECUTION]: The included script scripts/process.py is a safe local utility. It performs basic file operations (reading a JSON threat model and writing a markdown plan skeleton) using standard Python libraries (json, argparse). It does not use dangerous functions like eval(), exec(), or subprocess to execute arbitrary shell commands.
  • [EXTERNAL_DOWNLOADS]: The skill references authoritative external resources from MITRE (engage.mitre.org, attack.mitre.org, d3fend.mitre.org). These are well-known, trusted industry-standard repositories for cybersecurity frameworks. No automated downloads or remote code execution patterns were detected.
  • [DATA_EXFILTRATION]: There are no network operations or exfiltration patterns. The script operates entirely on local files provided via command-line arguments.
  • [CREDENTIALS_UNSAFE]: No hardcoded credentials or sensitive file access patterns were found. The skill instructions properly advise users to document legal sign-off and gating criteria as a security best practice for deception operations.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 02:47 PM
Security Audit — agent-trust-hub — designing-adversary-engagement-with-mitre-engage