bb-methodology
Pass
Audited by Gen Agent Trust Hub on May 24, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a legitimate resource for conducting security audits. It defines workflows for reconnaissance, mapping, vulnerability discovery, and reporting within the context of authorized bug bounty and red team engagements.
- [EXTERNAL_DOWNLOADS]: The methodology references numerous well-known open-source security tools (e.g., subfinder, nuclei, amass, trufflehog, katana) used in the security industry. These are mentioned as part of a recommended toolkit for the agent to use on targets, rather than being downloaded or executed in a malicious or hidden manner.
- [COMMAND_EXECUTION]: The skill provides example CLI commands and tool-routing tables for various security testing phases. These instructions are intended to be used by the agent on authorized target domains and do not contain patterns that would compromise the user's local system or environment.
- [PROMPT_INJECTION]: While the skill contains strong instructions ('Hard rule', 'Core Principle', 'HARD rule'), these are designed to guide the agent toward accurate and impactful security reporting rather than attempting to bypass safety protocols or override the agent's core instructions.