modeling-threats-with-opencti

Warn

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires the user to execute sudo sysctl -w vm.max_map_count=1048575 to modify kernel parameters. This operation grants elevated privileges to modify system-level configurations, which is necessary for the Elasticsearch component but represents a privilege escalation vector.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via the ingestion of untrusted STIX 2.1 bundles and threat model JSON files.
  • Ingestion points: The scripts/agent.py tool loads actor models via CLI arguments, and SKILL.md demonstrates bulk ingestion of STIX bundles.
  • Boundary markers: No clear delimiters or instructions are used to distinguish between data and potential instructions within the processed files.
  • Capability inventory: The skill interacts with the OpenCTI GraphQL API to create, modify, and relate various security entities (Threat Actors, Campaigns, Malware).
  • Sanitization: There is no evidence of validation or sanitization of the input data before it is submitted to the platform's API.
  • [DATA_EXFILTRATION]: In scripts/agent.py, the OpenCTIApiClient is configured with ssl_verify=False. This disables SSL/TLS certificate validation, exposing the API token and the intelligence data being transmitted to potential man-in-the-middle (MITM) attacks.
  • [EXTERNAL_DOWNLOADS]: The skill clones the official OpenCTI Docker deployment configuration from https://github.com/OpenCTI-Platform/docker.git.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 25, 2026, 09:01 PM
Security Audit — agent-trust-hub — modeling-threats-with-opencti