shodan
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the `x shodan` utility to perform network scans and host lookups. These commands are localized to the tool's intended reconnaissance functions.
- [CREDENTIALS_UNSAFE]: The instructions guide users to set up their own Shodan API keys using an initialization command. This is a secure practice that avoids embedding secrets directly in the skill code.
- [PROMPT_INJECTION]: The skill features an AI-powered summary tool (`x shodan ::`) that processes external data from the Shodan database. This represents an indirect prompt injection surface where the model could potentially be influenced by content found in search results.
  - Ingestion points: Shodan search results and network intelligence reports from `SKILL.md` and `SKILL.zh.md`.
  - Boundary markers: Absent; there are no explicit delimiters defined to separate untrusted Shodan data from agent instructions.
  - Capability inventory: Execution of network search and scan commands via the `x` toolset.
  - Sanitization: Not defined; the skill does not explicitly detail any filtering or validation of the retrieved Shodan data.
Audit Metadata