rr-domain-cli
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the 'rr' CLI tool from the author's (dedene) verified GitHub repository and Homebrew tap. These are documented as trusted vendor resources.
- [COMMAND_EXECUTION]: The skill uses the 'rr' command to interact with the RealtimeRegister API for domain and DNS management. This command execution is consistent with the skill's primary stated purpose.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill ingests external data (domain and DNS records) via API commands like 'rr domain list' and 'rr zone get'. Evidence: Untrusted data enters the context via these ingestion points in 'SKILL.md'; no explicit boundary markers or 'ignore' instructions are provided; capabilities include subprocess execution of the 'rr' binary; no sanitization of API output is mentioned. This is a standard risk for data-processing tools and is noted here as a safe architectural finding.
Audit Metadata