skills/smithery/ai/OSINT/Gen Agent Trust Hub

OSINT

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
  • [PROMPT_INJECTION] (HIGH): The skill presents a significant Indirect Prompt Injection surface (Category 8).
      • Ingestion points: Ingests untrusted content from the web and social media via parallel researchers (Perplexity, Gemini, etc.).
      • Boundary markers: No delimiters or 'ignore embedded instruction' markers are defined in the workflow configuration.
      • Capability inventory: Triggers the 'Recon Skill' (infrastructure reconnaissance) and performs persistent file writes to local directories ($PAI_DIR).
      • Sanitization: No sanitization logic is specified.
    Malicious instructions placed in target profiles could hijack the agent fleet during the OSINT process.
  • [COMMAND_EXECUTION] (MEDIUM): The skill orchestrates 'Technical infrastructure reconnaissance' and 'Recon Skill' calls. These activities often involve the execution of network tools and shell commands that may be vulnerable to manipulation if their input is derived from unvetted OSINT data.
  • [NO_CODE] (INFO): This file contains routing and workflow logic but no direct executable code, Python scripts, or external package dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:56 AM