recon-full
Pass
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: SAFENO_CODE
Full Analysis
- [NO_CODE]: The skill package contains no executable scripts (Python, Node.js, Shell, etc.). It consists solely of descriptive methodology in markdown and JSON-based evaluation configuration.
- [SAFE]: The reconnaissance workflow follows industry-standard penetration testing practices. Recommended tools like ksubdomain, naabu, httpx, and nuclei are reputable open-source security utilities.
- [PROMPT_INJECTION]: No attempts to bypass safety filters, override system instructions, or use adversarial role-play were found in the instructional content.
- [DATA_EXFILTRATION]: No evidence of unauthorized data access, credential harvesting, or exfiltration to external domains was identified.
- [SAFE]: Potential indirect prompt injection surfaces were evaluated. Ingestion points: tool output results (SKILL.md). Boundary markers: absent. Capability inventory: tool execution and analysis. Sanitization: not specified. This surface is considered a normal part of security reconnaissance functionality.
Audit Metadata