tech-stack-teardown

Pass

Audited by Gen Agent Trust Hub on Apr 10, 2026

Risk Level: SAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/recon.py script executes the dig and curl utilities using subprocess.run. Arguments are passed as a list rather than a single string, which effectively prevents shell command injection from untrusted domain inputs.
  • [EXTERNAL_DOWNLOADS]: The skill fetches content from target websites and interacts with the Apify API (or a vendor-provided proxy at api.gooseworks.ai) to perform technology profiling. These network operations are transparently documented and align with the skill's stated purpose.
  • [SAFE]: No obfuscation, malicious data exfiltration, or persistence mechanisms were detected. API tokens for third-party services are managed through environment variables as per standard security best practices.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 10, 2026, 10:47 AM