osint-recon

SUSPICIOUS. The skill’s capabilities are mostly aligned with OSINT, and it shows no installer abuse, credential harvesting, or hidden exfiltration. However, giving an AI agent web-search plus Bash/Write for reconnaissance against external targets is inherently medium risk, especially due to prompt-injection exposure from untrusted content and potential misuse for surveillance or invasive profiling.