offensive-osint

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill contains numerous copy-pasteable commands and “read-only validators” that require inserting API keys/tokens (e.g., sk-..., ghp_..., x-api-key, PMAK-..., xoxb-...) directly into headers/URLs, which forces the LLM/operator to handle or emit secret values verbatim — an explicit high-risk secret-exfiltration pattern.

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 0.70). Most entries are legitimate OSINT, vendor and tooling URLs, but the list also contains multiple high‑risk indicators (generic cloud storage bucket patterns and storage URLs, raw IP:port endpoints, leak/paste sites, personal file hosting patterns, and unvetted GitHub releases/third‑party repos) that are commonly used to host or distribute malicious binaries, so the overall set should be treated as moderately to highly suspicious.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This document is an explicit offensive reconnaissance toolkit containing step‑by‑step techniques that enable credential theft, data exfiltration, remote code execution (Docker/Kube/kubelet/etcd), subdomain takeover, and supply‑chain abuse — high-risk if misused or used without explicit authorization.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The skill’s runtime workflow can fetch and ingest outsider-authored public web content (e.g., “DuckDuckGo SERP scrape”, “Bing SERP scrape”, “Wayback CDX deep usage”, “Stack Exchange OSINT sweep”, “crt.sh/Censys/OTX/URLScan scrapes”), and those fetched pages/snippets are then processed into LLM context as evidence/findings.