building-threat-actor-profile-from-osint

Pass

Audited by Gen Agent Trust Hub on Apr 7, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches MITRE ATT&CK enterprise data from GitHub (mitre/cti) and intelligence from the AlienVault OTX API. Both are recognized, legitimate sources for security data.
  • [COMMAND_EXECUTION]: Uses subprocess.run to execute the spiderfoot tool for network reconnaissance. This is a standard integration within cybersecurity workflows.
  • [PROMPT_INJECTION]: Ingests untrusted content from the AlienVault OTX API which could contain indirect prompt instructions.
      • Ingestion points: AlienVault OTX pulse search results in SKILL.md and scripts/agent.py.
      • Boundary markers: None used when interpolating external data into dossier files.
      • Capability inventory: Local file-write (scripts/agent.py, SKILL.md) and subprocess.run execution (SKILL.md).
      • Sanitization: No input sanitization or validation performed on external intelligence data.
  • [DATA_EXFILTRATION]: Performs outgoing network requests to Shodan, VirusTotal, and AlienVault OTX APIs to retrieve intelligence. These operations are consistent with the skill's purpose and do not target sensitive local data.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 7, 2026, 06:47 PM