Skills
skills/1mangesh1/dev-skills-collection/dns-network/Gen Agent Trust Hub

dns-network

Fail

Audited by Gen Agent Trust Hub on Apr 14, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions to execute commands with root privileges using sudo, including sudo tcpdump for packet capture and sudo iptables for firewall management.
  • [COMMAND_EXECUTION]: The skill directs the agent to modify the /etc/hosts system configuration file using sudo tee and sudo sed. Such modifications can redirect system-wide network traffic or be used for persistence.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection by interpolating user-supplied hostnames and domains into shell commands without sanitization. Evidence Chain: 1. Ingestion points: User-provided hostnames, IP addresses, and domain lists (domains.txt) in SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: Execution of dig, curl, nc, tcpdump, and sudo across the skill. 4. Sanitization: No input validation or escaping instructions are provided for handling untrusted data.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 14, 2026, 01:22 AM