sherlock
Pass
Audited by Gen Agent Trust Hub on Apr 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the terminal tool to execute the
sherlockcommand-line utility to perform reconnaissance across various social networks.- [EXTERNAL_DOWNLOADS]: The skill instructions direct the agent to install thesherlock-projectpackage from PyPI usingpiporpipxif the command is not already available.- [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection (specifically command injection) by interpolating user-supplied usernames directly into a shell command template. While double quotes are recommended, a malicious username containing shell metacharacters could potentially result in arbitrary command execution depending on the host environment and agent sanitization. Ingestion points: User-provided usernames extracted from conversation history (SKILL.md). Boundary markers: Double quotes are used around the username variable in the command templates. Capability inventory: Terminal tool execution for shell commands (SKILL.md). Sanitization: No explicit sanitization or validation logic is defined in the skill instructions.
Audit Metadata