implementing-zero-trust-dns-with-nextdns

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed sensitive values verbatim (e.g., curl -H "X-Api-Key: your-api-key" and profile IDs like abc123 in DoH URLs), which instructs placing API keys/profile tokens directly into commands/requests and thus requires handling secrets in output.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The skill's agent (scripts/agent.py and the SKILL.md workflows) explicitly fetches data from the public NextDNS API (e.g., GET /profiles/{id}/logs and analytics at https://api.nextdns.io) and ingests DNS query logs and analytics—untrusted, user-generated third-party content—which the agent parses and uses to drive audits, detections, and policy actions.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs the agent to run sudo commands and modify system-level configuration files and services (e.g., /etc/systemd/resolved.conf, systemctl restarts, installing system daemons) which directly change the machine's state and require elevated privileges.