social-engineering

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill instructs the agent to query well-known OSINT services including Hunter.io and FOFA via HTTP requests or curl for organization reconnaissance purposes.
  • [PROMPT_INJECTION]: The skill contains an indirect prompt injection surface through the ingestion of external data.
    • Ingestion points: Data returned from Hunter API and FOFA API queries as described in SKILL.md.
    • Boundary markers: Absent; no specific delimiters or instructions to ignore embedded commands are used for processed API data.
    • Capability inventory: Access to networking tools (curl, http_request) and data persistence (evidence_save).
    • Sanitization: None; the skill does not specify validation or sanitization steps for the ingested external intelligence.
  • [SAFE]: The skill functions primarily as a documentation and methodology resource. All phishing templates, phone scripts, and password generation logic are provided as static reference material for security assessments and do not include automated malicious execution.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 22, 2026, 10:08 AM