modeling-threats-with-opencti
Warn
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the user to execute
sudo sysctl -w vm.max_map_count=1048575to modify kernel parameters. This operation grants elevated privileges to modify system-level configurations, which is necessary for the Elasticsearch component but represents a privilege escalation vector. - [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the ingestion of untrusted STIX 2.1 bundles and threat model JSON files.
- Ingestion points: The
scripts/agent.pytool loads actor models via CLI arguments, andSKILL.mddemonstrates bulk ingestion of STIX bundles. - Boundary markers: No clear delimiters or instructions are used to distinguish between data and potential instructions within the processed files.
- Capability inventory: The skill interacts with the OpenCTI GraphQL API to create, modify, and relate various security entities (Threat Actors, Campaigns, Malware).
- Sanitization: There is no evidence of validation or sanitization of the input data before it is submitted to the platform's API.
- [DATA_EXFILTRATION]: In
scripts/agent.py, theOpenCTIApiClientis configured withssl_verify=False. This disables SSL/TLS certificate validation, exposing the API token and the intelligence data being transmitted to potential man-in-the-middle (MITM) attacks. - [EXTERNAL_DOWNLOADS]: The skill clones the official OpenCTI Docker deployment configuration from
https://github.com/OpenCTI-Platform/docker.git.
Audit Metadata