performing-threat-hunting-with-yara-rules
Fail
Audited by Snyk on Apr 7, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's code and guidance explicitly print and record matched string data (raw or hex) from files and memory dumps—actions that can expose API keys, tokens, or passwords verbatim—so an agent following it may output secrets directly.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs cloning and loading public community YARA rule repositories (see SKILL.md Step 7: git clone of GitHub repos like YARA-Rules/signature-base and the "Integrate Community Rule Sets" section) and the code (load_rule_directory / yara.compile usage in the workflow and scripts) compiles and uses those untrusted, user-generated rules to drive matches, severity and alerting decisions, so third‑party content can directly influence tool behavior.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes explicit commands that use sudo to install system packages (e.g., "sudo apt install -y yara"), which instruct the agent to perform privileged system modifications and thus can change/compromise the machine state.
Issues (3)
W007
HIGH: Insecure credential handling detected in skill instructions.
W011
MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W013
MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata