skills/mukul975/anthropic-cybersecurity-skills/implementing-attack-surface-management/Gen Agent Trust Hub
implementing-attack-surface-management
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The `scripts/agent.py` script executes external security tools including `subfinder`, `amass`, `httpx`, and `nuclei`. The script correctly uses the list-based argument format for `subprocess.run`, which mitigates shell injection risks.
- [EXTERNAL_DOWNLOADS]: The skill documentation includes instructions to install security tools from the official ProjectDiscovery and OWASP GitHub repositories. These are recognized and well-known services within the security industry, and the installation via `go install` is a standard procedure for these utilities.
- [DATA_EXPOSURE_SURFACE]: The skill processes untrusted external data in the form of discovered subdomains. The implementation handles these inputs as literal data strings and does not execute them or pass them to a shell, following best practices for handling untrusted content.