The Agent Skills Directory

[SAFE]: The skill logic is focused on legitimate OSINT reconnaissance tasks. The orchestration of multiple agents and sub-skills follows standard platform patterns for complex data collection and analysis.
[EXTERNAL_DOWNLOADS]: The skill fetches data and configuration files from well-known technology providers and archival services, including Amazon AWS, Google Cloud, Microsoft Azure, and the Internet Archive (Wayback Machine). These operations are documented and necessary for the stated purpose of identifying infrastructure providers.
[INDIRECT_PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it ingests and parses untrusted data from external websites (HTML meta tags, JavaScript globals, and HTTP headers). However, the risk is mitigated because the skill is designed for passive pattern matching rather than instruction execution, and it explicitly recommends against executing fetched JavaScript.
[COMMAND_EXECUTION]: Uses standard network utilities such as dig and whois for domain and IP attribution. These commands are used for their intended reconnaissance purposes and do not involve privilege escalation or unauthorized system modifications.

techstack-identification