pentest-recon-surface-analysis
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill consists exclusively of markdown instructions and YAML metadata. It does not contain any executable scripts (Python, Node.js, etc.) or binary files.
- [SAFE]: No malicious patterns, obfuscation, or unauthorized data access attempts were detected. The skill instructions are focused on structured, authorized security assessment and reconnaissance.
- [PROMPT_INJECTION]: The skill is designed to process external target data, which presents a surface for indirect prompt injection. * Ingestion points: Target model data (interfaces, trust boundaries, identity contexts), interfaces, and endpoint discovery results (SKILL.md). * Boundary markers: None explicitly defined for isolating untrusted target data or instructing the agent to ignore embedded commands. * Capability inventory: No direct execution capabilities (subprocesses, network operations, or file writes) are defined within the skill files. * Sanitization: Instructions include a requirement to normalize findings into a deduplicated inventory (SKILL.md).
Audit Metadata