hunting-for-spearphishing-indicators

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [METADATA_POISONING]: There is an inconsistency in the author attribution. The SKILL.md file identifies the author as "mahipal", whereas the LICENSE file credits "mukul975". Additionally, the LICENSE file contains a future-dated copyright (2026).
  • [INDIRECT_PROMPT_INJECTION]: The skill is designed to ingest and process untrusted data from external sources, which may contain malicious instructions hidden within logs.
      • Ingestion points: The scripts/agent.py and scripts/process.py tools read external log files (JSONL and CSV formats) provided as input arguments.
      • Boundary markers: The skill lacks explicit boundary markers or instructions to the model to disregard instructions potentially embedded within the log content.
      • Capability inventory: The skill includes file system read/write access (for logs and reports) and regex-based data extraction. It does not include subprocess execution or network operations in the provided code.
      • Sanitization: The script performs minimal sanitization by truncating extracted URL and command-line strings, which is insufficient to prevent sophisticated injection attempts.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 15, 2026, 01:51 PM