iblai-security-recon

Warn

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes several shell commands including dig, whois, nmap, and curl using a $ARGUMENTS placeholder. This pattern is susceptible to command injection if a user provides a target string containing shell metacharacters (e.g., example.com; rm -rf /), allowing for arbitrary code execution on the underlying system.
  • [EXTERNAL_DOWNLOADS]: The skill uses curl to fetch certificate transparency data from https://crt.sh. This is a well-known and standard service used for subdomain discovery in security workflows.
  • [PROMPT_INJECTION]: The instructions include defensive guardrails requiring the agent to verify authorization before performing any actions and to refuse unauthorized or mass-scanning requests. These are safety-oriented instructions meant to prevent misuse.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 15, 2026, 03:47 PM
Security Audit — agent-trust-hub — iblai-security-recon