Skills
skills/ljagiello/ctf-skills/ctf-osint/Gen Agent Trust Hub

ctf-osint

Fail

Audited by Gen Agent Trust Hub on Apr 17, 2026

Risk Level: CRITICALEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires installing third-party packages such as shodan and Pillow, and system tools like nmap and exiftool. It also interacts with various external OSINT APIs including ip-api.com and whatsmyname.app.
  • [EXTERNAL_DOWNLOADS]: A reference to a malicious URL (http://x.x.x.x:5000), flagged as botnet-related by automated scanners, is included as an example in web-and-dns.md.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution for its core functionality, which presents a risk if the agent is induced to execute malicious payloads through manipulated external data.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data (e.g., DNS TXT records, social media content, and web archives) without explicit sanitization or boundary markers. Ingestion points include the whatsmyname.app API, ip-api.com responses, and various web contents retrieved via WebFetch. Capability inventory includes Bash, Write, Edit, and Task tools. No sanitization or boundary markers were identified to protect against malicious instructions embedded in the retrieved OSINT data.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 17, 2026, 10:32 PM