whatweb
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for executing command-line tools such as whatweb, subfinder, and httpx for technology fingerprinting and reconnaissance.
- [EXTERNAL_DOWNLOADS]: The skill includes instructions to download source code from the official WhatWeb repository on GitHub and references a community Docker image for installation.
- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection as it processes untrusted data from web server responses like headers and cookies.
  - Ingestion points: Target website responses analyzed by whatweb in SKILL.md.
  - Boundary markers: None specified.
  - Capability inventory: Shell command execution and data processing via jq in SKILL.md.
  - Sanitization: Not explicitly implemented in the example command pipelines.
Audit Metadata