From 16201a7e603c45c5181b36b54ba31254b9d475b8 Mon Sep 17 00:00:00 2001 From: juliosuas Date: Tue, 17 Mar 2026 17:13:52 -0600 Subject: [PATCH] Address CodeRabbit review: legal guardrails, mkdir, filename consistency, HIBP headers --- .../SKILL.md | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/skills/performing-ai-driven-osint-correlation/SKILL.md b/skills/performing-ai-driven-osint-correlation/SKILL.md index 5810f97f..84b270c5 100644 --- a/skills/performing-ai-driven-osint-correlation/SKILL.md +++ b/skills/performing-ai-driven-osint-correlation/SKILL.md @@ -44,8 +44,21 @@ license: Apache-2.0 ## Workflow +### Legal & Ethical Requirements + +- Obtain documented written authorization before any investigation +- Establish lawful basis for data processing (law enforcement, corporate policy, etc.) +- Define PII retention limits and data handling procedures +- Comply with local privacy regulations (GDPR, CCPA, etc.) + ### Phase 1 — Multi-Source OSINT Collection +0. **Create the working directory for all OSINT outputs:** + + ```bash + mkdir -p /tmp/osint + ``` + 1. **Enumerate usernames across platforms with Sherlock:** ```bash @@ -78,6 +91,7 @@ license: Apache-2.0 ```bash curl -s -H "hibp-api-key: ${HIBP_KEY}" \ + -H "User-Agent: OSINT-Correlation-Skill" \ "https://haveibeenpwned.com/api/v3/breachedaccount/target@example.com" \ -o /tmp/osint/breach-results.json ``` @@ -94,7 +108,7 @@ license: Apache-2.0 findings = [] # Normalize Sherlock CSV results - sherlock_path = "/tmp/osint/sherlock-results.csv" + sherlock_path = "/tmp/osint/sherlock-results.txt" if os.path.exists(sherlock_path): with open(sherlock_path) as f: for row in csv.DictReader(f):