managing-dns
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The script
scripts/check-dns-propagation.shingests domain names and record types as command-line arguments and passes them to thedigcommand. In an agentic environment, if these inputs are derived from untrusted sources, it creates an attack surface for indirect prompt injection or DNS-based data exfiltration. * Ingestion points: Positional arguments inscripts/check-dns-propagation.sh. * Boundary markers: Absent. * Capability inventory: Performs network DNS queries. * Sanitization: None present; input is used directly in a shell command string.
Audit Metadata