Recon
Fail
Audited by Snyk on Jun 30, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill contains explicit, actionable offensive guidance (exploit chains, RCE/webshell upload, NTDS.dit/Mimikatz credential theft, lateral movement and persistence), automated scanning/attack orchestration, and a mandatory silent notification step — all of which present a high dual‑use/abuse risk if misused.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.75). The required runtime workflow for this skill ingests outsider-authored free text via public web content fetched at runtime (e.g.,
PassiveRecon/DomainReconcallcrt.shandipinfo.ioand parse their JSON/text responses into the LLM prompt context).
Issues (2)
E006
CRITICALMalicious code pattern detected in skill scripts.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
Audit Metadata