extracting-iocs-from-malware-samples

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE | EXTERNAL_DOWNLOADS | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references several external Python libraries such as iocextract, pefile, yara-python, and tlsh. It also makes network requests to virustotal.com to validate indicators of compromise.
  • [COMMAND_EXECUTION]: The workflow involves executing shell commands to run analysis tools, including tshark for PCAP analysis, md5sum/sha256sum for hashing, and python3 for metadata extraction and data processing.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it extracts and processes strings directly from potentially malicious binary samples and sandbox reports. These strings are then presented to the agent's context without sanitization or boundary markers.
      • Ingestion points: Reads content from malware_sample.exe, cuckoo_report.json, and capture.pcap (SKILL.md, scripts/agent.py).
      • Boundary markers: Absent; there are no delimiters or instructions to the agent to ignore command-like strings extracted from the samples.
      • Capability inventory: Includes file system read/write, network access via the VirusTotal API, and subprocess execution of network analysis tools (scripts/agent.py).
      • Sanitization: The code uses regex to identify specific IOC formats, but it does not sanitize the resulting strings for potentially malicious natural language instructions that could influence the agent's behavior.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 7, 2026, 06:46 PM