operationalizing-misp-threat-feeds

Fail

Audited by Snyk on Jun 25, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The prompt's examples and commands require placing a MISP Auth Key verbatim (in PyMISP constructor, curl Authorization header, and CLI --key) which would force the LLM to handle or emit secrets directly, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). The required runtime workflow ingests IOC values from the operating user’s enabled MISP feeds via PyMISP misp.search(...) and MISP REST attributes/restSearch/... exports; those IOC texts originate from third-party feed publishers (e.g., CIRCL OSINT, abuse.ch, Feodo Tracker) rather than the operating user, so outsider-authored free text/values are ingested into the agent’s LLM context through the pipeline’s fetched feed content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's runtime code fetches IDS rules directly from the MISP REST endpoint (e.g., GET to "https:///attributes/restSearch/returnFormat:suricata/to_ids:1/type:domain%7Cip-dst%7Curl", shown as https://localhost/... in the docs/script) and writes those rules to disk to be loaded and executed by Suricata, meaning remote content controls detection execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to copy detection rules into system directories (/etc/suricata/), place files under /var/ossec/, edit manager configs and restart services, and add cron jobs—all actions that modify system-level files/services and require elevated privileges, so it pushes changes to the host state.

Issues (4)

W007
HIGH

Insecure credential handling detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
HIGH
Analyzed
Jun 25, 2026, 09:01 PM
Issues
4
Security Audit — snyk — operationalizing-misp-threat-feeds