skills/mukul975/anthropic-cybersecurity-skills/performing-ai-driven-osint-correlation/Gen Agent Trust Hub
performing-ai-driven-osint-correlation
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill's workflow dynamically generates several Python utility scripts (including normalize.py, correlate.py, and resolve.py) on the local filesystem in the /tmp/osint/ directory and subsequently executes them using the Python interpreter. While functional for task automation, this pattern of on-the-fly script creation and execution is a form of dynamic code generation.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its handling of external, untrusted data. It aggregates findings from various OSINT tools—which can include attacker-controlled content like social media bios or profile metadata—and feeds this data directly into an LLM prompt for analysis.
  - Ingestion points: Untrusted data enters the context from OSINT tool outputs aggregated in /tmp/osint/normalized-findings.json.
  - Boundary markers: The prompt template in the generated correlate.py script lacks clear delimiters or protective instructions to distinguish between the analysis task and the potentially malicious instructions embedded within the raw OSINT data.
  - Capability inventory: The skill possesses significant capabilities, including the ability to write files to the local system and execute multiple shell commands to run OSINT tools and generated scripts.
  - Sanitization: There is no evidence of sanitization, filtering, or validation of the external content before it is interpolated into the LLM prompt.
Audit Metadata