iblai-security-osint-recon
Pass
Audited by Gen Agent Trust Hub on Jun 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands like 'whois', 'dig', and 'exiftool'. Using placeholders like '' and '' in shell commands presents a risk of command injection if the agent does not properly sanitize user-provided input before execution.
- [EXTERNAL_DOWNLOADS]: Fetches infrastructure data from the well-known public service 'crt.sh' using 'curl'. This is a common and legitimate practice in security research for mapping certificate transparency.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the web.
- Ingestion points: External data enters the agent context via 'WebSearch', 'WebFetch', and 'curl' commands targeting various third-party domains (e.g., certificate logs and public web pages).
- Boundary markers: The skill does not define any specific delimiters or instructions to the agent to ignore potential instructions embedded within the gathered data.
- Capability inventory: The agent has access to 'Bash' and 'Write' tools across all reconnaissance steps defined in 'SKILL.md'.
- Sanitization: No explicit sanitization or validation of external content is described before the data is analyzed or used to generate reports.
Audit Metadata