pihole-ctl
Warn
Audited by Gen Agent Trust Hub on Feb 26, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires executing the
piholecommand-line utility for administrative tasks such as updating blocklists or checking service status. - [COMMAND_EXECUTION]: Documentation indicates that enabling or disabling the Pi-hole service requires
sudoprivileges, which represents a privilege escalation vector if the agent is granted the ability to use sudo. - [DATA_EXFILTRATION]: The skill reads from
/etc/pihole/pihole-FTL.db, which stores sensitive privacy-related data including client hostnames, IP addresses, and the complete DNS query history for the local network. - [PROMPT_INJECTION]: The skill processes potentially untrusted data from the network environment (external domain names and local hostnames) stored in the Pi-hole database, creating a surface for indirect prompt injection.
- Ingestion points: DNS query logs (domains) and network discovery tables (hostnames) are read by
scripts/query_db.py. - Boundary markers: Results from database queries are returned as JSON without explicit delimiters or instructions for the agent to ignore embedded commands within the data.
- Capability inventory: The skill can read local files and is designed to execute system commands, including those requiring elevated privileges.
- Sanitization: The Python implementation correctly uses parameterized SQL queries via the
sqlite3library and utilizes read-only URI mode to prevent SQL injection or accidental database modification.
Audit Metadata