tailscale
Pass
Audited by Gen Agent Trust Hub on Feb 20, 2026
Risk Level: SAFE, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill exposes high-privilege networking commands (serve and funnel) that can be triggered by untrusted data processed by the agent.
  - Ingestion points: User/untrusted data provided as arguments to the execute function in index.ts.
  - Boundary markers: None present in the code or instructions.
  - Capability inventory: Exposing local ports to the internet, listing tailnet peers, and pinging hosts.
  - Sanitization: Minimal integer validation for ports in index.ts.
- [Data Exfiltration] (LOW): The 'funnel' command is designed to expose local service traffic to the public internet. While this is the intended behavior, it allows data to be exfiltrated from any service running on a local port if the agent is tricked into exposing it (e.g., funnelling port 5432 for database access).
Audit Metadata