domain-name-brainstormer
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill explicitly directs the agent to perform shell command execution. It instructs the agent to check for the presence of the 'whois' utility using commands like 'which whois' or 'command -v whois', and subsequently execute 'whois ' to verify registration status.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it interpolates untrusted user data into shell commands.
- Ingestion points: User-provided project descriptions and domain name suggestions provided during the brainstorming process.
- Boundary markers: None. The skill does not provide delimiters or instructions to the agent to treat the input as non-executable data.
- Capability inventory: The skill utilizes subprocess execution to run shell commands ('whois').
- Sanitization: None. The instructions lack any requirement for the agent to sanitize, escape, or validate the user-provided strings before they are passed to the system shell, creating a surface for command injection attacks.
Audit Metadata