networking
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill provides instructions for installing Tailscale using a remote script execution pattern.
- Evidence:
curl -fsSL https://tailscale.com/install.sh | shinreferences/vpn.md. - Context: Tailscale is a well-known service, and this command is the standard installation method for its Linux client. No malicious parameters or unknown sources were detected.
- [COMMAND_EXECUTION]: The skill requires and provides instructions for executing system-level commands to manage networking, firewalls, and services.
- Evidence: Commands such as
ip link,nft list ruleset,systemctl enable nftables, andsysctl -w net.ipv4.ip_forward=1are found throughout the documentation. - Context: These capabilities are essential for the primary purpose of configuring Linux networking and troubleshooting.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for Indirect Prompt Injection (Category 8) due to its use of network diagnostic tools that ingest untrusted data.
- Ingestion points: Network packets and headers captured via
tcpdumpandtshark, as well as HTTP responses fetched viacurl(referenced inreferences/troubleshooting.md). - Boundary markers: Absent; the skill does not specify delimiters or instructions to ignore embedded content in tool output.
- Capability inventory: Full access to networking configuration tools (
ip,nft,wg,cloudflared) and service management (systemctl) inSKILL.mdand reference files. - Sanitization: Absent; there is no explicit validation or escaping of the output from diagnostic tools before it is processed by the agent.
Audit Metadata