skills/mukul975/anthropic-cybersecurity-skills/implementing-stix-taxii-feed-integration/Gen Agent Trust Hub
implementing-stix-taxii-feed-integration
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements standard cyber threat intelligence (CTI) workflows using the STIX 2.1 and TAXII 2.1 protocols.
- [DATA_EXPOSURE]: The provided scripts (agent.py and process.py) accept credentials for authentication to TAXII servers. The documentation correctly identifies best practices such as using environment variables to avoid hardcoding secrets.
- [COMMAND_EXECUTION]: Network operations are limited to the TAXII protocol and target user-specified or trusted endpoints like the MITRE ATT&CK TAXII server.
- [INDIRECT_PROMPT_INJECTION]: The skill ingests external data from TAXII feeds.
  - Ingestion points: STIX objects are fetched from TAXII collections in agent.py and process.py.
  - Boundary markers: Data is parsed into structured STIX objects using the stix2 and taxii2-client libraries, providing clear boundaries between data and instructions.
  - Capability inventory: The scripts perform network GET/POST requests and write output to JSON/CSV files.
  - Sanitization: Content is processed through schema-validated parsers and regular expressions, minimizing the risk of raw data influencing agent logic.
Audit Metadata