pentest-osint-recon
Fail
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: HIGH
Flagged categories: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): The execute_command function defined in references/tools.md allows the agent to execute arbitrary shell commands. This is a critical security risk as it provides the AI with unrestricted access to the underlying operating system, bypassing intended tool-specific boundaries.
- REMOTE_CODE_EXECUTION (HIGH): The skill includes specialized functions for exploitation, such as ai_generate_payload, generate_exploit_from_cve, and ai_test_payload. These tools facilitate the creation, delivery, and execution of malicious code, which can be leveraged for attacks beyond the scope of passive reconnaissance.
- PROMPT_INJECTION (LOW): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core workflow of processing untrusted external data.
  - Ingestion points: Data from amass, subfinder, httpx, and theharvester in references/tools.md, which crawl external web content and metadata.
  - Boundary markers: No delimiters or instructions to ignore embedded commands are present in the workflows.
  - Capability inventory: The agent has access to execute_command, sqlmap_scan, and nuclei_scan, providing a dangerous path for an attacker to influence the agent into attacking secondary targets or the host itself.
  - Sanitization: There is no evidence of sanitization or validation of the data retrieved from external scans before it is processed by the agent.
- DATA_EXFILTRATION (LOW): The skill uses tools like amass and subfinder that perform network operations to external domains. When combined with execute_command, these capabilities can be used to exfiltrate local files or credentials harvested during the OSINT process.
Recommendations
- AI detected serious security threats