reconnaissance
Warn
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Rule 6 instructs the agent to modify the sensitive system file /etc/hosts with hostnames discovered during reconnaissance. This operation typically requires elevated privileges and affects system-wide name resolution.
- [COMMAND_EXECUTION]: The skill provides several shell command templates for execution, including a shell loop in Rule 8 that performs automated HTTP requests using curl based on a list of potential subdomains.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by ingesting and acting upon untrusted data from external network targets.
- Ingestion points: HTTP response headers (Rule 6), SSL certificate Subject Alternative Names (Rule 7), and web application manifests (Rule 9).
- Boundary markers: Absent. The skill does not define delimiters or provide instructions to ignore potentially malicious content embedded in the target data.
- Capability inventory: The skill utilizes powerful tools including nmap, ffuf, and curl, and possesses the capability to perform local file system writes to /etc/hosts.
- Sanitization: Absent. There are no instructions for validating or escaping data retrieved from targets before it is used in subsequent shell commands or system configurations.
Audit Metadata