domain-dns-ops
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill directs the agent to source
~/.profileand local project profiles to retrieve sensitive credentials such asCLOUDFLARE_API_TOKEN. Accessing shell profiles is a high-privilege action that can expose various environment secrets. The severity is downgraded from HIGH because this access is required for the skill's primary administrative function. - [COMMAND_EXECUTION] (LOW): The skill executes local scripts (e.g.,
bin/namecheap-set-ns) and system tools likecli4,git,dig, andcurl. This is the intended behavior but grants the agent significant capability to alter network infrastructure. - [PROMPT_INJECTION] (LOW): The skill is vulnerable to Indirect Prompt Injection (Category 8) as it relies on local data files for its operational logic.
- Ingestion points:
~/Projects/manager/DOMAINS.md,~/Projects/manager/DNS.md, and~/Projects/manager/redirect-worker-mapping.md. - Boundary markers: None; the agent is instructed to treat these files as a source of truth without explicit delimiters or warnings to ignore instructions embedded within the data.
- Capability inventory:
cli4(API access),git(repository management), and arbitrary execution of local binaries. - Sanitization: No evidence of content validation or sanitization before the data is processed by the agent.
Audit Metadata