operationalizing-misp-threat-feeds
Fail
Audited by Snyk on Jun 25, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt's examples and commands require placing a MISP Auth Key verbatim (in PyMISP constructor, curl Authorization header, and CLI --key) which would force the LLM to handle or emit secrets directly, creating an exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests IOC values from the operating user’s enabled MISP feeds via PyMISP
misp.search(...)and MISP RESTattributes/restSearch/...exports; those IOC texts originate from third-party feed publishers (e.g., CIRCL OSINT, abuse.ch, Feodo Tracker) rather than the operating user, so outsider-authored free text/values are ingested into the agent’s LLM context through the pipeline’s fetched feed content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime code fetches IDS rules directly from the MISP REST endpoint (e.g., GET to "https:///attributes/restSearch/returnFormat:suricata/to_ids:1/type:domain%7Cip-dst%7Curl", shown as https://localhost/... in the docs/script) and writes those rules to disk to be loaded and executed by Suricata, meaning remote content controls detection execution.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to copy detection rules into system directories (/etc/suricata/), place files under /var/ossec/, edit manager configs and restart services, and add cron jobs—all actions that modify system-level files/services and require elevated privileges, so it pushes changes to the host state.
Issues (4)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
W013
MEDIUMAttempt to modify system services in skill instructions.
Audit Metadata