implementing-zero-trust-dns-with-nextdns

Warn

Audited by Snyk on Apr 10, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill autonomously fetches and processes user-generated/untrusted DNS query logs and analytics from the public NextDNS API (e.g., scripts/agent.py calls https://api.nextdns.io/profiles/{profile_id}/logs and SKILL.md describes API/log workflows), and those external logs are parsed and used to make blocking/denylist/policy decisions, so third-party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill includes a Linux install command that fetches and executes remote code at runtime via curl: sh -c 'sh -e $(curl -sL https://nextdns.io/install)', which directly executes content from https://nextdns.io/install and is therefore a high-risk runtime external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt contains explicit privileged operations (sudo tee to /etc/systemd/resolved.conf, sudo systemctl restart, sudo nextdns install, PowerShell admin DNS commands, router firmware commands, and remote install scripts) that directly modify system configuration and require elevated privileges, thus pushing the agent to change the machine's state.


Audit Metadata

Risk Level: MEDIUM
Analyzed: Apr 10, 2026, 06:27 PM
Issues: 3