dns-troubleshooter
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- REMOTE_CODE_EXECUTION (CRITICAL): The skill provides a command to install the 'doggo' tool using 'curl -fsSL https://raw.githubusercontent.com/mr-karan/doggo/main/install.sh | sh'. Piping a remote script directly to a shell from an untrusted third-party GitHub user (mr-karan) allows for immediate, arbitrary code execution on the host system.
- COMMAND_EXECUTION (HIGH): Several workflows (e.g., Delegation Check) utilize shell command substitution like '$(doggo NS example.com --short | head -1)'. Since the output is fetched from external, untrusted DNS servers, an attacker could return a malicious DNS record containing shell metacharacters (e.g., '; malicious_command') to execute code when the agent runs the interpolated string.
- INDIRECT PROMPT INJECTION (HIGH): The skill processes untrusted data from external DNS records and incorporates it into agent actions.
  - Ingestion points: DNS record values (A, NS, TXT) retrieved via tools like doggo and dig.
  - Boundary markers: None present.
  - Capability inventory: Execution of subprocesses and shell commands.
  - Sanitization: None; the tool output is used directly in further shell logic.
- DATA_EXFILTRATION (LOW): The skill performs outbound network operations (DNS queries) which are necessary for its function but could be used to leak domain-related information to third-party resolvers.
Recommendations
- CRITICAL: Downloads and executes remote code from untrusted source(s): https://raw.githubusercontent.com/mr-karan/doggo/main/install.sh - DO NOT USE
- AI detected serious security threats