The Agent Skills Directory

[SAFE]: The skill operates as a set of local auditing scripts that evaluate infrastructure state based on user-provided configuration files and standard DNS queries.
[COMMAND_EXECUTION]: The script scripts/dns_security_checker.py executes system utilities (dig and nslookup) to perform DNS lookups. These executions are performed using argument lists rather than shell strings, which prevents command injection. This behavior is consistent with the skill's intended purpose.
[PROMPT_INJECTION]: The skill maintains an ingestion surface for untrusted data from the public internet (external DNS records), which characterizes a potential surface for indirect prompt injection.
Ingestion points: scripts/dns_security_checker.py retrieves SPF, DKIM, DMARC, DNSSEC, CAA, and MTA-STS records from external name servers.
Boundary markers: Audit findings are presented in structured Markdown or JSON reports; external record content is reported as-is without specific safety delimiters.
Capability inventory: The skill executes local CLI tools (dig/nslookup) and performs file system I/O (reading config files and writing reports).
Sanitization: Input domain names are used in subprocess argument lists to prevent shell injection, and record content is cleaned of DNS-specific formatting characters.

infrastructure-compliance-auditor