{"feedVersion":"1.0","generatedAt":"2026-04-19T08:32:19.058Z","description":"SkillAudit Threat Intelligence Feed — real-time security findings from AI skill scans","totalScansProcessed":210,"recentThreats":{"count":20,"severityBreakdown":{"critical":7,"high":12,"medium":1,"low":0},"uniqueDomains":3,"items":[{"scanId":"9393105404ef","source":"https://raw.githubusercontent.com/plosson/siteio/main/.claude/skills/logo-creator/SKILL.md","domain":"raw.githubusercontent.com","ruleId":"THREAT_CHAIN_DATA_EXFILTRATION","severity":"critical","category":"data_theft","name":"Threat Chain: DATA_EXFILTRATION","description":"Can access credentials AND send network requests - potential for data theft","line":22,"detectedAt":"2026-04-09T20:51:20.430Z"},{"scanId":"366b43715052","source":"https://raw.githubusercontent.com/anthropics/anthropic-cookbook/main/misc/prompt_caching.ipynb","domain":"raw.githubusercontent.com","ruleId":"THREAT_CHAIN_AGENT_MANIPULATION","severity":"critical","category":"persistence","name":"Threat Chain: AGENT_MANIPULATION","description":"Can modify agent behavior AND communicate externally - agent takeover","line":329,"detectedAt":"2026-04-09T20:49:38.854Z"},{"scanId":"366b43715052","source":"https://raw.githubusercontent.com/anthropics/anthropic-cookbook/main/misc/prompt_caching.ipynb","domain":"raw.githubusercontent.com","ruleId":"CROSS_TOOL_ACCESS","severity":"high","category":"agent_manipulation","name":"Cross-tool data access","description":"Skill attempts to access data or state belonging to other tools, or reads agent conversation history to extract sensitive information","line":575,"detectedAt":"2026-04-09T20:49:38.854Z"},{"scanId":"366b43715052","source":"https://raw.githubusercontent.com/anthropics/anthropic-cookbook/main/misc/prompt_caching.ipynb","domain":"raw.githubusercontent.com","ruleId":"CROSS_TOOL_ACCESS","severity":"high","category":"agent_manipulation","name":"Cross-tool data access","description":"Skill attempts to access data or state belonging to other tools, or reads agent conversation history to extract sensitive information","line":422,"detectedAt":"2026-04-09T20:49:38.854Z"},{"scanId":"366b43715052","source":"https://raw.githubusercontent.com/anthropics/anthropic-cookbook/main/misc/prompt_caching.ipynb","domain":"raw.githubusercontent.com","ruleId":"CROSS_TOOL_ACCESS","severity":"high","category":"agent_manipulation","name":"Cross-tool data access","description":"Skill attempts to access data or state belonging to other tools, or reads agent conversation history to extract sensitive information","line":399,"detectedAt":"2026-04-09T20:49:38.854Z"},{"scanId":"0a59567752db","source":"https://mcp.so/server/gitlab/modelcontextprotocol","domain":"mcp.so","ruleId":"XSS_INJECTION","severity":"high","category":"injection","name":"Cross-site scripting (XSS) vulnerability","description":"Skill inserts user-controlled input into HTML output without sanitization — allows attackers to execute JavaScript in victims' browsers, steal cookies/sessions, redirect users, or deface pages","line":67,"detectedAt":"2026-03-24T10:49:47.508Z"},{"scanId":"0a59567752db","source":"https://mcp.so/server/gitlab/modelcontextprotocol","domain":"mcp.so","ruleId":"SHELL_EXEC","severity":"medium","category":"code_execution","name":"Shell command execution","description":"Skill executes shell commands that could be dangerous","line":67,"detectedAt":"2026-03-24T10:49:47.508Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":435,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":421,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"A2A_DATA_LEAK","severity":"high","category":"data_exfiltration","name":"A2A inter-agent data leakage","description":"Skill exfiltrates data by embedding sensitive information in A2A task artifacts, messages, or metadata sent to external agents","line":1353,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"A2A_CROSS_AGENT_INJECT","severity":"critical","category":"agent_manipulation","name":"Cross-agent prompt injection via A2A","description":"Skill injects instructions or manipulative content into messages sent between agents through A2A protocol, poisoning the inter-agent communication channel","line":52,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"A2A_TASK_HIJACK","severity":"critical","category":"agent_manipulation","name":"A2A task hijacking / redirection","description":"Skill intercepts, redirects, or modifies tasks intended for other agents — hijacking the A2A task delegation flow","line":52,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"REVERSE_SHELL","severity":"critical","category":"code_execution","name":"Reverse shell","description":"Skill attempts to establish a reverse shell connection","line":1353,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"AGENT_MEMORY_MOD","severity":"critical","category":"agent_manipulation","name":"Agent memory/config modification","description":"Skill attempts to modify agent memory, soul, or config files","line":1353,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"SSRF_PATTERN","severity":"high","category":"network","name":"Server-Side Request Forgery (SSRF)","description":"Skill crafts requests to internal/cloud metadata endpoints or uses URL schemes to access internal services","line":1618,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"CROSS_TOOL_ACCESS","severity":"high","category":"agent_manipulation","name":"Cross-tool data access","description":"Skill attempts to access data or state belonging to other tools, or reads agent conversation history to extract sensitive information","line":52,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"ee633f681419","source":"https://github.com/paperclipai/paperclip","domain":"github.com","ruleId":"CRYPTO_THEFT","severity":"critical","category":"crypto_theft","name":"Cryptocurrency wallet theft","description":"Skill attempts to access crypto wallets or seed phrases","line":1158,"detectedAt":"2026-03-23T09:50:16.052Z"},{"scanId":"cce543b6aab3","source":"https://github.com/TauricResearch/TradingAgents","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":421,"detectedAt":"2026-03-23T09:49:46.774Z"},{"scanId":"cce543b6aab3","source":"https://github.com/TauricResearch/TradingAgents","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":445,"detectedAt":"2026-03-23T09:49:46.774Z"},{"scanId":"cce543b6aab3","source":"https://github.com/TauricResearch/TradingAgents","domain":"github.com","ruleId":"SSRF_ADVANCED","severity":"high","category":"network","name":"Advanced SSRF / request smuggling","description":"Skill uses advanced SSRF techniques including URL parser differentials, IPv6 bypasses, or cloud metadata access via alternate encodings","line":436,"detectedAt":"2026-03-23T09:49:46.774Z"}]},"flaggedDomains":{"count":10,"items":[{"domain":"raw.githubusercontent.com","riskLevel":"moderate","riskScore":10,"url":"https://raw.githubusercontent.com/plosson/siteio/main/.claude/skills/logo-creator/SKILL.md","flaggedAt":"2026-04-09T20:51:20.430Z"},{"domain":"raw.githubusercontent.com","riskLevel":"high","riskScore":31,"url":"https://raw.githubusercontent.com/anthropics/anthropic-cookbook/main/misc/prompt_caching.ipynb","flaggedAt":"2026-04-09T20:49:38.861Z"},{"domain":"mcp.so","riskLevel":"moderate","riskScore":11,"url":"https://mcp.so/server/gitlab/modelcontextprotocol","flaggedAt":"2026-03-24T10:49:47.509Z"},{"domain":"github.com","riskLevel":"critical","riskScore":243,"url":"https://github.com/paperclipai/paperclip","flaggedAt":"2026-03-23T09:50:16.065Z"},{"domain":"github.com","riskLevel":"critical","riskScore":207,"url":"https://github.com/TauricResearch/TradingAgents","flaggedAt":"2026-03-23T09:49:46.781Z"},{"domain":"github.com","riskLevel":"critical","riskScore":203,"url":"https://github.com/FujiwaraChoki/MoneyPrinterV2","flaggedAt":"2026-03-23T09:48:41.441Z"},{"domain":"github.com","riskLevel":"critical","riskScore":222,"url":"https://github.com/modelcontextprotocol/servers-archived/tree/main/src/gdrive","flaggedAt":"2026-03-21T21:16:57.165Z"},{"domain":"clawhub.ai","riskLevel":"high","riskScore":44,"url":"https://clawhub.ai/TonyJB/clawguard-antimalware","flaggedAt":"2026-03-16T20:35:47.132Z"},{"domain":"github.com","riskLevel":"critical","riskScore":193,"url":"https://github.com/ilertha/Solana-Wallet-Tracker","flaggedAt":"2026-03-12T05:52:40.614Z"},{"domain":"mcp.so","riskLevel":"moderate","riskScore":11,"url":"https://mcp.so/server/MiniMax-MCP/MiniMax-AI","flaggedAt":"2026-03-11T11:38:29.356Z"}]},"trendingRules":{"count":10,"description":"Most frequently triggered detection rules across all scans","items":[{"ruleId":"SSRF_ADVANCED","hitCount":32},{"ruleId":"THREAT_CHAIN_DATA_EXFILTRATION","hitCount":31},{"ruleId":"THREAT_CHAIN_PERSISTENCE_WITH_THEFT","hitCount":23},{"ruleId":"CRED_ENV_READ","hitCount":22},{"ruleId":"CMD_INJECTION","hitCount":16},{"ruleId":"DATA_EXFIL","hitCount":15},{"ruleId":"STRUCT_READ_EXFIL","hitCount":15},{"ruleId":"SHELL_EXEC","hitCount":14},{"ruleId":"URL_SUSPICIOUS","hitCount":14},{"ruleId":"SSRF_PATTERN","hitCount":13}]},"subscribe":{"polling":"GET /feed?severity=high&limit=50 — poll for updates","since":"GET /feed/since?ts=<unix_ms> — get threats after a timestamp","webhook":"POST /scan/url with callback parameter for per-scan notifications"}}