building-threat-actor-profile-from-osint

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches threat intelligence data and MITRE ATT&CK datasets from well-known security services including AlienVault OTX, VirusTotal, Shodan, and MITRE's official GitHub repository.
  • [COMMAND_EXECUTION]: Executes the spiderfoot OSINT tool via the subprocess module to perform infrastructure reconnaissance and correlation.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8) by aggregating untrusted data from external OSINT sources into generated dossiers and reports.
      • Ingestion points: Data enters the agent context via API responses from AlienVault OTX, VirusTotal, and Shodan (detected in SKILL.md and scripts/agent.py).
      • Boundary markers: Absent. The dossier generation logic in SKILL.md and the report generation in scripts/agent.py lack delimiters or instructions to ignore embedded commands in the fetched intelligence.
      • Capability inventory: The skill has capabilities to execute local commands (subprocess.run) and write files to the disk (SKILL.md, scripts/agent.py).
      • Sanitization: Absent. The skill performs basic truncation of text but does not implement validation or escaping for the ingested external content.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 01:21 PM