Skills
skills/idanbeck/claude-skills/godaddy-skill/Gen Agent Trust Hub

godaddy-skill

Pass

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the dig utility to check DNS propagation.\n
  • Evidence: subprocess.run([\"dig\", ...]) in godaddy_skill.py.\n
  • Context: Arguments are passed as a list without shell=True, effectively mitigating shell injection risks.\n- [DATA_EXFILTRATION]: The skill reads stored API credentials and transmits them to GoDaddy's API for authentication.\n
  • Evidence: api_request function in godaddy_skill.py uses credentials from config.json.\n
  • Context: This is standard and necessary functionality for an API-based management tool, targeting the official service domain.\n- [PROMPT_INJECTION]: The skill displays data fetched from the GoDaddy API, which represents an indirect prompt injection surface.\n
  • Ingestion points: Result data from api_request (e.g., domain names, DNS record values) in godaddy_skill.py.\n
  • Boundary markers: Not present.\n
  • Capability inventory: API record updates and local dig execution.\n
  • Sanitization: Data is parsed as JSON and the user is explicitly warned to confirm changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 29, 2026, 03:31 AM