recon

Pass

Audited by Gen Agent Trust Hub on Apr 16, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through the ingestion of untrusted external content.
    • Ingestion points: Untrusted data enters the agent's context via WebSearch, WebFetch, and curl operations targeting external websites and certificate transparency logs (e.g., crt.sh).
    • Boundary markers: The skill lacks explicit delimiters or instructions to the agent to ignore potential commands embedded within the retrieved external data, which may be incorporated into reports or used in subsequent steps.
    • Capability inventory: The skill has access to Bash command execution, file system writing, and network operations, providing a surface for malicious instructions to trigger harmful actions.
    • Sanitization: There is no evidence of sanitization or filtering of fetched external content before it is processed by the agent.
  • [COMMAND_EXECUTION]: The skill uses unvalidated user input to construct shell commands, creating a risk of command injection.
    • Evidence: User-provided $ARGUMENTS are directly interpolated into shell commands such as dig any $ARGUMENTS, whois $ARGUMENTS, and nmap ... $ARGUMENTS within the methodology described in SKILL.md.
    • Risk: Maliciously crafted arguments (containing characters like ;, &, or |) could be used to execute unauthorized commands within the agent's execution environment.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 16, 2026, 05:19 PM
Security Audit — agent-trust-hub — recon