implementing-threat-intelligence-lifecycle-management

Pass

Audited by Gen Agent Trust Hub on Apr 13, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill implements standard cybersecurity workflows for threat intelligence, including planning, collection, and analysis.
  • [EXTERNAL_DOWNLOADS]: Data collection is performed via HTTP requests to well-known and reputable security services, including CISA (cisa.gov), AlienVault OTX (otx.alienvault.com), MalwareBazaar (abuse.ch), and VirusTotal (virustotal.com). These operations are consistent with the skill's primary purpose.
  • [CREDENTIALS_UNSAFE]: No hardcoded API keys or credentials were found. The scripts correctly demonstrate the use of environment variables for managing sensitive configuration such as VirusTotal and MISP API keys.
  • [REMOTE_CODE_EXECUTION]: No patterns of remote code execution, piped shell scripts, or unsafe dynamic code evaluation (e.g., eval, exec) were identified.
  • [DATA_EXFILTRATION]: No unauthorized data exfiltration behavior was detected. Network activity is limited to established threat intelligence feed providers and internal MISP instances as described in the documentation.
  • [PROMPT_INJECTION]: The skill's instructions and documentation do not contain any patterns attempting to override agent behavior, bypass safety guidelines, or extract system prompts.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 13, 2026, 10:33 PM