Investigation
Pass
Audited by Gen Agent Trust Hub on Mar 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill requires the mandatory execution of a background shell command (
curl) for local status notifications (targetinglocalhost:8888) across all investigation workflows. - Evidence: Multiple workflow files (e.g.,
OSINT/Workflows/PeopleLookup.md,PrivateInvestigator/Workflows/FindPerson.md) contain a 'MANDATORY: Voice Notification' section requiringcurl -s -X POST http://localhost:8888/notify .... - Vulnerability: The instruction directs the agent to interpolate variables like
WORKFLOWNAMEandACTIONinto the shell command string, which creates a potential command injection risk if user-supplied data is used for these fields without sufficient sanitization. - [PROMPT_INJECTION]: The skill includes instructions to load and apply external configurations and preferences from the local filesystem, which can override default behavior.
- Evidence: Both
OSINT/SKILL.mdandPrivateInvestigator/SKILL.mdcontain a 'Customization' section instructing the agent to check~/.claude/PAI/USER/SKILLCUSTOMIZATIONS/and loadPREFERENCES.mdor other resources which 'override default behavior'. - [PROMPT_INJECTION]: The skill exhibits a significant surface for Indirect Prompt Injection through its use of parallel research agents to gather data from the web.
- Ingestion points: Untrusted data enters the context from multiple external research agents (Perplexity, Grok, Gemini, Claude) fetching web search results, social media profiles, and public records.
- Boundary markers: Absent. The prompts for sub-agents (e.g., in
OSINT/Workflows/PeopleLookup.md) do not include delimiters or instructions to ignore embedded commands within the searched content. - Capability inventory: The agent has access to shell command execution (
curl), file reading and writing (specifically in theDiscoverOSINTSourcesworkflow), and sub-agent delegation. - Sanitization: Absent. There are no instructions for the agent to sanitize or escape the content returned by research tasks before synthesis.
- [EXTERNAL_DOWNLOADS]: The documentation references and provides instructions for installing various third-party OSINT tools and libraries from public registries.
- Evidence:
OSINT/PeopleTools.mdandPrivateInvestigator/Workflows/ReverseLookup.mdmentionpip install holehe,pip install sherlock-project, andnpm install -g node-ipinfo.
Audit Metadata