techstack-identification
Pass
Audited by Gen Agent Trust Hub on May 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill framework utilizes standard command-line tools including curl, dig, whois, openssl, and nmap across its sub-skills to perform network reconnaissance and technology fingerprinting on public assets.
- [EXTERNAL_DOWNLOADS]: Fetches configuration data and IP ranges from well-known services and organizations such as Amazon Web Services (AWS), Google Cloud (GCP), Microsoft Azure, and Cloudflare to ensure accurate infrastructure attribution.
- [PROMPT_INJECTION]: Indirect Prompt Injection Surface (Category 8):
  - Ingestion points: The skill ingests untrusted data from multiple external sources, including website HTML (meta tags, comments), job postings, DNS TXT records, and public source code repositories.
  - Boundary markers: Explicit boundary markers or instructions to the agent to disregard potential commands embedded within external data are absent from the instructional flow.
  - Capability inventory: The agent possesses the capability to execute shell commands (Bash) and perform network operations (WebFetch), which could be targets for manipulation via injected instructions.
  - Sanitization: Although some sub-skills (e.g., html-content-analysis) include instructions to sanitize extracted content, the overall pipeline remains susceptible to malicious instructions hidden in target assets, such as deceptive 'generator' meta tags or job descriptions.