OSINT
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [Dynamic Execution] (MEDIUM): The skill automatically loads and applies instructions, resources, and configurations from
~/.claude/skills/CORE/USER/SKILLCUSTOMIZATIONS/OSINT/to override default behavior. This dynamic loading from a specific file path allows for potential persistent instruction injection if the directory is accessible to other processes. - [Indirect Prompt Injection] (LOW): The skill's primary function is to ingest untrusted data from the web, which creates a significant attack surface for indirect prompt injection.
- Ingestion points: Data is retrieved from dozens of external sources including crt.sh, social media, DNS records, and various threat intelligence APIs (VirusTotal, AlienVault OTX, etc.).
- Boundary markers: Absent. The workflows do not specify delimiters or instructions to ignore embedded commands in the retrieved data.
- Capability inventory: The skill has the ability to spawn sub-agents (Task DSL), write files to the local system (scratch and history directories), and perform network operations via
curl. - Sanitization: Absent. The methodology focuses on synthesis and reporting without explicit sanitization of external content.
- [Command Execution] (LOW):
SKILL.mdexecutes a hardcodedcurlcommand tolocalhost:8888for notifications. While directed at a local endpoint, it demonstrates active use of subprocess spawning. - [External Downloads] (LOW): The skill facilitates and recommends the use of numerous external tools and websites for data collection. While these are industry-standard OSINT tools, the agent acts as an automated bridge to these external services.
Audit Metadata