iblai-security-osint-recon

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use shell commands like 'whois', 'dig', and 'exiftool'. Using placeholders like '' and '' in shell commands presents a risk of command injection if the agent does not properly sanitize user-provided input before execution.
  • [EXTERNAL_DOWNLOADS]: Fetches infrastructure data from the well-known public service 'crt.sh' using 'curl'. This is a common and legitimate practice in security research for mapping certificate transparency.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the web.
  • Ingestion points: External data enters the agent context via 'WebSearch', 'WebFetch', and 'curl' commands targeting various third-party domains (e.g., certificate logs and public web pages).
  • Boundary markers: The skill does not define any specific delimiters or instructions to the agent to ignore potential instructions embedded within the gathered data.
  • Capability inventory: The agent has access to 'Bash' and 'Write' tools across all reconnaissance steps defined in 'SKILL.md'.
  • Sanitization: No explicit sanitization or validation of external content is described before the data is analyzed or used to generate reports.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 15, 2026, 03:47 PM
Security Audit — agent-trust-hub — iblai-security-osint-recon