Red Team Tools and Methodology
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is designed to ingest and process large amounts of untrusted data from external sources, creating a vulnerability surface.
  - Ingestion points: Multiple tools within the workflows (httpx, waybackurls, gau, nuclei, curl, ffuf) fetch content from external, potentially attacker-controlled domains and save them to local files (e.g., live.txt, urls.txt).
  - Boundary markers: There are no explicit instructions or delimiters defined to warn the agent that the tool outputs contain untrusted content that should not be interpreted as instructions.
  - Capability inventory: The skill leverages extensive command-line execution (subprocess calls) and network operations across almost all sub-skill files.
  - Sanitization: There is no evidence of sanitization, escaping, or validation of the data retrieved from external URLs before it is processed or displayed.
- Command Execution (SAFE): The skill contains numerous bash snippets intended for security auditing. These are consistent with the skill's stated purpose of providing red team methodologies. No malicious command injection into the logic of the skill itself was detected.
- External Downloads (LOW): The skill references several external services and tools for reconnaissance (e.g., Shodan, Censys, bgp.he.net). While these are non-whitelisted domains, they are standard resources for the intended use-case of security research.
- Data Exposure & Exfiltration (SAFE): The skill mentions the use of API keys as a prerequisite but does not contain hardcoded secrets or logic to exfiltrate sensitive local files.