skills/mukul975/anthropic-cybersecurity-skills/implementing-soar-automation-with-phantom/Snyk

implementing-soar-automation-with-phantom

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.90). The skill explicitly calls public third‑party APIs (e.g., VirusTotal, WHOIS, MaxMind/GeoIP, AbuseIPDB) in SKILL.md Step 2/3 and in scripts/agent.py to ingest reputation/enrichment data and then uses those results to auto-block, quarantine, or escalate (materially affecting actions), so untrusted external content can directly influence behavior.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Apr 10, 2026, 06:26 PM

Issues

1