dig
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses inline command execution syntax to check for the presence of the 'dig' utility and associated wrapper scripts within the environment (e.g., '!command -v dig').
- [COMMAND_EXECUTION]: The skill executes local shell scripts located in 'scripts/dig/' using user-provided arguments like '' and ''. If these scripts do not implement strict input validation, they may be vulnerable to command injection.
- [COMMAND_EXECUTION]: The skill invokes the 'dig' binary directly with various flags and user-supplied parameters, including specific nameservers and target domains.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests untrusted data from external DNS records (specifically TXT, MX, and SOA records). An attacker could place malicious instructions inside these records to influence the agent's behavior once the results are processed.
- Ingestion points: DNS record query results returned by 'dig' or wrapper scripts.
- Boundary markers: None explicitly defined in the provided file to separate DNS output from agent instructions.
- Capability inventory: Access to system commands ('dig', 'bash') and file system checks ('test -f').
- Sanitization: The skill mentions a PreToolUse hook for validating targets against a scope file, which provides some mitigation against unauthorized target selection, but no specific sanitization of the data returned from queries is mentioned.
Audit Metadata