tailscale
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM | PROMPT_INJECTION | DATA_EXFILTRATION | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The `SKILL.md` file contains aggressive and forceful directives such as '⚠️ MANDATORY SKILL INVOCATION ⚠️', 'YOU MUST invoke this skill', and 'Failure to invoke this skill... violates your operational requirements'. These are designed to override the agent's natural instruction following and safety filters.
- [DATA_EXFILTRATION]: The `scripts/ts-api.sh` script contains a `cmd_acl_validate` function that takes a user-provided file path and sends the file's content as a POST body to `https://api.tailscale.com/api/v2/tailnet/-/acl/validate`. This represents a significant attack surface where an agent could be manipulated into reading sensitive local files (e.g., SSH keys or system configs) and exfiltrating them to the external API endpoint.
- [COMMAND_EXECUTION]: The skill performs extensive local command execution via the `tailscale` CLI and several helper scripts. The `scripts/load-env.sh` utility uses the `source` command on `.env` files located in standard user directories like `~/.claude/.env`. Sourcing these files executes any code contained within them, posing a risk if the environment files are tampered with.
- [EXTERNAL_DOWNLOADS]: The documentation in `references/quick-reference.md` describes a workflow that involves piping a remote script to a shell (`curl -fsSL https://tailscale.com/install.sh | sh`). While this targets a well-known service, it is a high-risk execution pattern.
Audit Metadata