extracting-iocs-from-malware-samples

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs authenticated VirusTotal lookups using a VT_API_KEY variable (shown as a hardcoded "your_api_key") and demonstrates placing that key directly in request headers, which requires the agent to handle and potentially emit secret API key values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill explicitly queries public VirusTotal endpoints as part of its required workflow (see SKILL.md Step 5 "Validate IOCs against VirusTotal" and scripts/agent.py validate_ioc_virustotal / check_vt_ip), ingesting third‑party VirusTotal responses which are untrusted community-backed data and are used to label/drive blocking and export decisions.