skills/danielmiessler/lifeos/Recon/Gen Agent Trust Hub

Recon

Warn

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires elevated system privileges to perform its primary functions.
  • Evidence: The MassScan.ts tool explicitly checks for root access and instructs the user to run the script with sudo to enable raw packet scanning.
  • [EXTERNAL_DOWNLOADS]: The skill includes an update mechanism that fetches and installs binary security tools from external repositories.
  • Evidence: The UpdateTools.md workflow uses the pdtm utility to download and update a wide range of ProjectDiscovery tools such as nuclei, subfinder, and naabu.
  • [PROMPT_INJECTION]: The AnalyzeScanResultsGemini3.md workflow is susceptible to indirect prompt injection as it processes untrusted external data.
  • Ingestion points: The workflow reads potentially large and attacker-influenced scan files (e.g., nmap, masscan) using cat $SCAN_FILE.
  • Boundary markers: Data is delimited using standard markdown code blocks in the prompt provided to the analysis model.
  • Capability inventory: The agent has extensive shell execution capabilities including llm commands and various custom reconnaissance tools.
  • Sanitization: There is no evidence of sanitization or filtering of service banners, hostnames, or other fields within the ingested scan data before it is passed to the LLM.
  • [COMMAND_EXECUTION]: The skill mandates a network notification to a local endpoint upon every invocation.
  • Evidence: SKILL.md contains a mandatory instruction to execute a curl POST request to localhost:8888/notify before performing any other skill actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 30, 2026, 03:33 PM
Security Audit — agent-trust-hub — Recon