recon-and-methodology
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill serves as a reference guide for security testing methodologies and does not contain executable code that would pose a threat to the host or environment.
- [COMMAND_EXECUTION]: The document contains numerous command-line examples for security tools (such as nmap, subfinder, nuclei, and ffuf). These are intended as instructional templates for a user or agent to perform reconnaissance on a target system.
- [EXTERNAL_DOWNLOADS]: The skill references fetching data from 'crt.sh', which is a well-known and trusted certificate transparency log service used for subdomain discovery.
- [DATA_EXFILTRATION]: While the skill mentions sensitive file paths (e.g., .env, .git/config, credentials.json), these are listed as targets for a security audit to identify misconfigurations on a remote system, rather than as paths to be stolen from the local environment.
Audit Metadata