performing-malware-hash-enrichment-with-virustotal

Fail

Audited by Snyk on Apr 10, 2026

Risk Level: HIGH
Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

  • Insecure credential handling detected (high risk: 1.00). The examples instantiate vt.Client with API keys passed as plain string arguments (e.g., VTEnricher("YOUR_VT_API_KEY") / batch_enrich("YOUR_API_KEY", ...)), which encourages supplying and embedding secrets verbatim into generated code/requests, creating exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly queries VirusTotal's public API (e.g., GET /files/{hash}, /files/{hash}/behaviours and crowdsourced YARA results) as shown in SKILL.md and scripts/agent.py and directly uses crowdsourced/community fields to classify threats and drive recommendations, so untrusted third-party content can materially influence decisions and actions.

Issues (2)

  • W007 (HIGH): Insecure credential handling detected in skill instructions.
  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata
Risk Level: HIGH
Analyzed: Apr 10, 2026, 06:27 PM
Issues: 2