email-dns-health
Pass
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and presents data from external, potentially attacker-controlled DNS TXT records (SPF, DKIM, DMARC).\n
- Ingestion points: The
dig_txtfunction inscripts/email-dns-health.shfetches arbitrary text from remote DNS TXT records.\n - Boundary markers: While output is structured as JSON, the raw content of DNS records is passed to the agent without delimiters or instructions to ignore embedded commands.\n
- Capability inventory: The skill allows the agent to read local environment files and provides instructions for performing automated DNS updates via API.\n
- Sanitization: The script performs basic character filtering using
trandsedbut does not sanitize the records for malicious natural language instructions that could influence agent behavior.\n- [DATA_EXFILTRATION]: The skill documentation (SKILL.md) directs the agent to access sensitive credentials (Cloudflare API token) stored at~/.claude/email-dns-health/.env. While this is a skill-specific configuration file used for the legitimate 'fix' functionality, accessing environment files containing secrets is a sensitive operation that increases the impact of potential injection attacks.\n- [COMMAND_EXECUTION]: The helper scriptscripts/email-dns-health.shexecutes system commandsdigandjqusing domain names provided by the user. The domain arguments are correctly double-quoted in the shell script, which prevents direct command injection via the shell.
Audit Metadata