recon-security
Pass
Audited by Gen Agent Trust Hub on Jun 16, 2026
Risk Level: SAFE
NO_CODE
Full Analysis
- [NO_CODE]: The skill consists entirely of instructional Markdown content and reference guides. It does not include any bundled scripts, executable code, or dynamic context injection commands.
- [COMMAND_EXECUTION]: The skill provides a library of standard security commands (e.g., nmap, httpx, ffuf, nuclei) intended for execution by a user or agent within the context of an authorized security engagement. All commands are gated by a mandatory scoping phase (Pass 0).
- [EXTERNAL_DOWNLOADS]: The instructions guide the user to install well-known, industry-standard security tools from reputable sources, including official Homebrew formulae, Go packages from ProjectDiscovery, and established security researchers. All referenced tools are standard in the cybersecurity community.
- [PROMPT_INJECTION]: As a security testing assistant, the skill interacts with data from external targets (e.g., HTTP headers, DNS records), which is an inherent surface for indirect prompt injection. The skill mitigates this risk by emphasizing a human-guided workflow, normalization of target data using tools like dnsx and uro, and strict adherence to a scoped methodology.
Audit Metadata