dreamhost-skill
Pass
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes DNS record values (such as TXT or CNAME records) fetched from the DreamHost API. Because these records can be set by third parties, they provide a potential vector for indirect prompt injection.
- Ingestion points: External DNS data enters the context in
dreamhost_skill.pythrough thedns-list_recordsAPI command. - Boundary markers: The
SKILL.mdfile contains a 'CRITICAL: DNS Modification Confirmation Required' section that explicitly instructs the agent to obtain human approval before applying changes, which acts as a safety guardrail. - Capability inventory: The skill has the ability to modify DNS records via the DreamHost API and perform lookups using the system's
digtool. - Sanitization: The Python script handles record data as strings and does not perform specific sanitization for malicious instruction patterns inside the record content.
- [COMMAND_EXECUTION]: The
cmd_check_dnsfunction indreamhost_skill.pyexecutes thedigutility usingsubprocess.run. The implementation correctly uses an argument list instead of a shell string, preventing shell injection vulnerabilities. - [EXTERNAL_DOWNLOADS]: The skill makes network requests to
api.dreamhost.com. This is the official endpoint for a well-known service (DreamHost) and is used for its intended purpose of DNS management.
Audit Metadata