tailscale-localsend
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- COMMAND_EXECUTION (LOW): The skill executes
tailscale status --jsonviasubprocess.runintailscale_localsend.py. While this is a standard administrative command for the intended purpose, it represents local system command execution. - DATA_EXFILTRATION (MEDIUM): The
sendmethod intailscale_localsend.pycan read any file path accessible to the agent and transmit its contents via HTTP to a network peer. An agent could be manipulated through prompt injection to send sensitive system files (e.g., SSH keys, configuration files) to a malicious peer discovered on the network. - DATA_EXPOSURE (MEDIUM): The
receivemethod starts an unauthenticatedHTTPServerthat accepts file uploads from any network peer and writes them to the local disk. This creates a surface for attackers to place malicious files on the host system or perform a denial-of-service attack by filling disk space. - EXTERNAL_DOWNLOADS (LOW): The documentation mentions an integration with
epistemic-arbitrage, which is an unknown and potentially unverified external package. - INDIRECT_PROMPT_INJECTION (LOW): The skill ingests untrusted data from network peers via UDP multicast discovery and HTTP file reception. If the agent later parses or follows instructions contained within the metadata or contents of these files, it creates a surface for indirect prompt injection.
Audit Metadata