Red Team Tools and Methodology
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous bash command sequences for running well-known security auditing tools including Amass, Subfinder, Nuclei, and ffuf. These are intended for legitimate security research and methodology implementation.
- [EXTERNAL_DOWNLOADS]: Fetches data from well-known services such as bgp.he.net for ASN discovery and uses historical data mining tools like waybackurls and gau.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it processes external, untrusted data (subdomains and historical URLs) into tool execution flows (dalfox, nuclei) without explicit boundary markers or sanitization steps to isolate the data from the agent's control flow.
Audit Metadata