WebAssessment
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill definition in SKILL.md includes mandatory instructions to execute a local notification command (curl to localhost:8888) and output specific status text immediately upon invocation. While this overrides default behavior, it is an internal notification mechanism rather than an attempt to bypass safety guidelines.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the download and installation of numerous third-party security tools (e.g., Sherlock, Osintgram, Tinfoleak, SpiderFoot) and datasets from well-known repositories on GitHub. These references are documented neutrally and target established security research projects.
- [COMMAND_EXECUTION]: The skill frequently uses the subprocess module and shell scripts to orchestrate external security tools such as nmap, ffuf, amass, and subfinder. These operations are essential for the primary purpose of performing network and web assessments.
- [CREDENTIALS_UNSAFE]: The documentation and scripts (e.g., osint-api-tools.py) describe the management of sensitive API keys for services like Shodan and Dehashed using a local .env file. The skill includes explicit warnings against committing these secrets to repositories, following standard security practices for local tool configuration.
- [PROMPT_INJECTION]: The VulnerabilityAnalysisGemini3 workflow defines an attack surface for indirect prompt injection by ingesting untrusted data from various security tool outputs (e.g., JSON results from ffuf or nuclei) and passing them to an LLM for analysis. Ingestion points: VulnerabilityAnalysisGemini3.md and ffuf-helper.py. Boundary markers: None. Capability inventory: Subprocess execution in with_server.py and exploitation.md. Sanitization: No explicit sanitization of tool outputs before LLM interpolation.
Audit Metadata