Skills
skills/elementalsouls/claude-osint/offensive-osint/Gen Agent Trust Hub

offensive-osint

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The script scripts/h1_reference.py connects to the HackerOne GraphQL API at https://hackerone.com/graphql to fetch public security report data. HackerOne is a well-known bug bounty platform used for security research and reconnaissance.
  • [COMMAND_EXECUTION]: The README provides instructions for running local Python scripts, scripts/secret_scan.py and scripts/h1_reference.py, which utilize standard libraries to process local files and query external APIs.
  • [PROMPT_INJECTION]: The skill has an indirect prompt injection surface as it processes untrusted data from external sources. Malicious instructions embedded in the titles or descriptions of bug bounty reports fetched from HackerOne could potentially influence agent behavior.
  • Ingestion points: HackerOne report metadata (titles, URLs, CWE labels) retrieved in scripts/h1_reference.py.
  • Boundary markers: Absent; data is returned as raw text or JSON to the agent.
  • Capability inventory: The agent using this skill typically has shell access and file system read permissions.
  • Sanitization: No sanitization or filtering for instructional content is performed on the retrieved report data.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 16, 2026, 04:14 AM
Security Audit — agent-trust-hub — offensive-osint