osint

Fail

Audited by Snyk on Mar 22, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 0.90). The skill is a deliberately invasive OSINT toolkit designed to harvest private/internal signals (Telegram history, email, vaults) and to bypass protections (Bright Data, Apify actor workflows) for building detailed dossiers — it contains clear abuse-oriented functionality and operational guidance for evading access controls, though I found no obfuscated backdoor or remote-exec payload in the code itself.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The skill explicitly fetches and ingests public, user-generated content (e.g., Phase 2 "Platform Extraction" and references/content-extraction.md) using web_fetch/Jina, Apify (scripts/apify.sh, run-actor.sh), Bright Data (scripts/brightdata.sh), Perplexity/Tavily, etc., and requires the agent and spawned sub-agents to read/transcribe that external content (YouTube transcripts, social media posts, Telegram channels) and use it to drive psychoprofile, confidence scoring, and next actions—creating a clear pathway for untrusted third-party content to influence tool use and behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill explicitly invokes remote code at runtime—e.g., it posts to Apify's API (https://api.apify.com/v2/acts/.../runs via scripts/run_actor.js and scripts/apify.sh) and calls a Bright Data MCP endpoint (BRIGHTDATA_MCP_URL used by scripts/brightdata.sh → mcp-client.py)—which executes remote actors/tools as part of normal operation and the skill depends on those for scraping, so these URLs execute remote code during runtime.

Issues (3)

  • CRITICAL E006: Malicious code pattern detected in skill scripts.
  • MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
  • MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 22, 2026, 01:27 PM
Issues: 3