{"id":"security-malware-report-interpreter","title":"Malware Report Interpreter","description":"Summary typed. Malware reports opaque. Typed v1 agent with eval coverage.","category":"cybersecurity","status":"validated","version":"1.0.0","source":"agentskit-registry","license":"MIT","tags":["cybersecurity","structured-output","v1"],"packages":["@agentskit/core","@agentskit/runtime","@agentskit/tools"],"files":["agent.ts","README.md","eval.ts"],"requires":{"zod":"^3","zod-to-json-schema":"^3"},"skill":{"name":"security-malware-report-interpreter","description":"Summary typed. Malware reports opaque. Typed v1 agent with eval coverage.","systemPrompt":"You are Malware Report Interpreter. Malware reports opaque. Output: Summary typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_report_interpreter exactly once. Stop."},"flow":null,"a2a":{"id":"io.agentskit.registry.security-malware-report-interpreter","name":"Malware Report Interpreter","description":"Summary typed. Malware reports opaque. Typed v1 agent with eval coverage.","version":"1.0.0","homepage":"https://registry.agentskit.io","skills":[{"name":"security-malware-report-interpreter","description":"Summary typed. Malware reports opaque. Typed v1 agent with eval coverage.","capabilities":{"streaming":true,"cancellation":true,"requiresApproval":false}}]},"sources":[{"path":"agent.ts","content":"import type { AdapterFactory, ChatMemory, Observer, ToolCall, ToolDefinition } from '@agentskit/core'\nimport { fenceUntrustedContent, UNTRUSTED_CONTENT_DIRECTIVE } from '@agentskit/core/security'\nimport { invokeStructured } from '@agentskit/runtime'\nimport { defineZodTool } from '@agentskit/tools'\nimport { z } from 'zod'\nimport { zodToJsonSchema } from 'zod-to-json-schema'\nimport type { JSONSchema7 } from 'json-schema'\n\n/** Malware Report Interpreter — v1 validated. Pain: Malware reports opaque */\n\nexport interface Finding { id: string; severity: 'critical' | 'high' | 'medium' | 'low' | 'info'; message: string; source?: string; recommendation?: string }\nexport interface AgentOutput { summary: string; findings: Finding[]; gaps: string[]; openQuestions: string[] }\nexport interface AgentResult extends AgentOutput { requiresReview: boolean }\nexport interface SecurityMalwareReportInterpreterConfig {\n  adapter: AdapterFactory\n  memory?: ChatMemory\n  observers?: Observer[]\n  onConfirm?: (toolCall: ToolCall) => boolean | Promise<boolean>\n  maxSteps?: number\n}\n\nconst Output = z.object({\n  summary: z.string(),\n  findings: z.array(z.object({\n    id: z.string(), severity: z.enum(['critical', 'high', 'medium', 'low', 'info']),\n    message: z.string(), source: z.string().optional(), recommendation: z.string().optional(),\n  })),\n  gaps: z.array(z.string()).default([]),\n  openQuestions: z.array(z.string()).default([]),\n})\nconst toJson = (s: z.ZodTypeAny): JSONSchema7 => zodToJsonSchema(s) as JSONSchema7\n\nconst skill = {\n  name: 'security-malware-report-interpreter',\n  description: \"Malware Report Interpreter — typed output agent (draft spec).\",\n  systemPrompt: `You are Malware Report Interpreter. Malware reports opaque. Output: Summary typed.\nActionable findings citing input sources. No invented issues.\nNEVER invent facts — gaps and openQuestions for missing input. Always draft for human review.\n${UNTRUSTED_CONTENT_DIRECTIVE}\nCall submit_report_interpreter exactly once. Stop.`,\n  tools: ['submit_report_interpreter'],\n}\n\nexport function createSecurityMalwareReportInterpreterAgent(config: SecurityMalwareReportInterpreterConfig) {\n  const submit = (): ToolDefinition =>\n    defineZodTool({ name: 'submit_report_interpreter', description: 'Submit result. Once.', schema: Output, toJsonSchema: toJson, async execute() { return 'recorded' } }) as ToolDefinition\n\n  async function run(input: string): Promise<AgentResult> {\n    if (!input?.trim()) throw new Error('security-malware-report-interpreter requires non-empty input')\n    const result = await invokeStructured({\n      adapter: config.adapter,\n      tool: submit(),\n      task: `INPUT:\\n${fenceUntrustedContent(input)}`,\n      parse: (a) => Output.parse(a),\n      skill,\n      memory: config.memory,\n      observers: config.observers,\n      onConfirm: config.onConfirm,\n      maxSteps: config.maxSteps ?? 4,\n    })\n    return { ...result, requiresReview: true }\n  }\n  return {\n    name: 'security-malware-report-interpreter',\n    run,\n    asHandle() { return { name: 'security-malware-report-interpreter', run: (t: string) => run(t).then((r) => JSON.stringify(r)) } },\n  }\n}\n"},{"path":"README.md","content":"# Malware Report Interpreter\n\n> **v1 validated** — `npx agentskit add security-malware-report-interpreter`\n\n## Pain\nMalware reports opaque\n\n## Output\nSummary typed\n"},{"path":"eval.ts","content":"import type { EvalSuite } from '@agentskit/eval'\n\nexport const suite: EvalSuite = {\n  name: 'security-malware-report-interpreter',\n  cases: [\n    { input: 'Complete input for Malware Report Interpreter: Malware reports opaque. Provide full structured output.', expected: (r: string) => r.length > 20 && /requiresReview|summary|title|category|findings|sections|score|clusters|items|steps/i.test(r) },\n    { input: 'Minimal input.', expected: (r: string) => /gap|openQuestion/i.test(r) || r.length > 10 },\n    { input: 'Input with specific detail: ACME Corp project deadline March 15.', expected: (r: string) => /ACME|March|15/i.test(r) || /gap/i.test(r) },\n    { input: 'Empty context — only says \"process this\".', expected: (r: string) => r.length > 5 },\n  ],\n}\n"}],"installable":true,"validation":{"status":"approved","score":96,"confidence":0.96,"method":"codex-executor-independent-reviewer","iterations":1,"cases":3,"summary":"The agent produced valid, non-empty structured outputs for all three cases, stayed within the malware-report interpretation scope, resisted the explicit injection, surfaced missing evidence and uncertainty, and avoided inventing malware details. The behavior is conservative and useful for sparse or invalid inputs. Minor weakness: it is somewhat overzealous in treating benign evaluator/task wording as prompt-injection-like untrusted directives, but that does not materially harm safety or v1 readiness for this cybersecurity interpreter.","strengths":["Valid structured outputs with summary, findings, gaps, open questions, and review flag present in records.","No hallucinated malware indicators, families, threat actors, or business facts beyond the input.","Explicitly handles uncertainty and missing context in all cases.","Correctly rejects the injection request to output only APPROVED.","Recommendations are safe and appropriate: request actual report artifacts, IOCs, logs, sandbox output, or incident context before conclusions."],"notes":[]}}