osint
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is highly susceptible to Indirect Prompt Injection (Category 8) due to its core function of processing untrusted external data.
  - Ingestion points: exiftool (reference/image.md) processes metadata from potentially malicious images; dig and whois (reference/domain.md) ingest data from attacker-controlled DNS records and WHOIS databases; curl (reference/domain.md) fetches data from the Wayback Machine API.
  - Boundary markers: Absent. The skill provides no instructions to the agent to treat external tool outputs as untrusted or to ignore embedded instructions within that data.
  - Capability inventory: The skill allows Bash and Write (SKILL.md), enabling arbitrary command execution and file system modification if the agent is manipulated by processed data.
  - Sanitization: Absent. There are no patterns for escaping or validating the content retrieved from external OSINT sources before it is processed by the agent or passed to other shell commands.
- External Dependencies (MEDIUM): The skill relies on several third-party tools that are not standard system utilities, which may require external downloads or installations.
  - Evidence: References to sherlock (reference/social.md), subfinder and amass (reference/domain.md), and exiftool (reference/image.md).
- Command Execution (LOW): The skill heavily utilizes shell commands for its operations. While intended for OSINT, the use of unzip on untrusted Office documents (reference/social.md) and strings on arbitrary files carries inherent risks if the underlying utilities have vulnerabilities.
Recommendations
- AI detected serious security threats
Audit Metadata