osint-methodology
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is an informational technical guide. It does not contain executable code, scripts, or automated tools that perform unauthorized actions.
- [DATA_EXFILTRATION]: The methodology explicitly includes safety guardrails (Section 1 and Section 5) that prohibit the agent from pasting PII, credentials, or secrets into cloud-hosted LLMs or third-party services.
- [PROMPT_INJECTION]: While the skill contains strong instructional language and behavioral constraints (e.g., "DO NOT", "Hard rules"), these are implemented as safety guardrails to ensure the agent remains within authorized scope during security assessments. They do not attempt to bypass or subvert the underlying AI model's safety protocols.
- [REMOTE_CODE_EXECUTION]: No remote code execution patterns or untrusted dependency installations were identified. The loading instructions provided in the README use standard local file operations.
- [EXTERNAL_DOWNLOADS]: The skill references several well-known and reputable security and OSINT services (such as Shodan, Censys, SecurityTrails, and official Microsoft/Okta documentation). These are documented neutrally as technical resources and do not represent a security risk.
Audit Metadata