windows-remote-desktop-connection-doctor
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (LOW): The skill processes untrusted data by reading application logs from '~/Library/Containers/com.microsoft.rdc.macos/Data/Library/Logs/Windows App/'. A malicious actor capable of influencing log content could attempt to inject instructions, although the risk is mitigated by the specific patterns targeted by the diagnostic logic. Evidence: Ingestion points: log files in Windows App container; Boundary markers: absent; Capability inventory: Bash, Grep, Python3; Sanitization: absent.
- Dynamic Execution (LOW): The skill includes a Python one-liner ('python3 -c') used to test STUN connectivity to Google's public servers. This is a static, low-risk diagnostic script, but it still constitutes runtime code execution.
- Data Exposure & Exfiltration (LOW): The skill contains a 'curl' command targeting a local API ('http://:8080/api/read') to read proxy configurations. While intended for local troubleshooting, this pattern involves querying local network endpoints.
- Unverifiable Dependencies & Remote Code Execution (SAFE): An automated scanner flagged 'socket.AF' as a malicious URL. This is a confirmed false positive, as the string refers to the 'socket.AF_INET' constant in the provided Python diagnostic script, not a network URL.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE