hunt-oauth
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the user to utilize standard security research tools such as
grep,apktool,adb, andcurl. These commands are used for local analysis, APK decompilation, and interacting with mobile devices during security audits. - [EXTERNAL_DOWNLOADS]: The documentation references external security research platforms and public bug bounty reports (e.g., HackerOne, Salt Labs, Descope). These are well-known industry resources used for providing educational context and real-world examples of vulnerabilities.
- [REMOTE_CODE_EXECUTION]: Analysis was performed on the command
curl https://target.com/.well-known/openid-configuration | python3 -m json.tool, which was flagged by automated scans. The investigation confirms this is a benign operation that uses a built-in Python module to pretty-print JSON data for readability. The command does not interpret or execute the remote content as code.
Audit Metadata