domain-dns-ops

Fail

Audited by Gen Agent Trust Hub on Mar 24, 2026

Risk Level: HIGH

Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The skill directs the agent to source sensitive API tokens (CLOUDFLARE_API_TOKEN, CF_API_TOKEN) from user-level configuration files such as ~/.profile and project-specific profile files.
  • [COMMAND_EXECUTION]: The skill invokes several local scripts and utilities, including the Cloudflare CLI (cli4) and custom binaries located in ~/Projects/manager/bin/, such as namecheap-set-ns and cloudflare-ai-bots.
  • [DATA_EXFILTRATION]: The skill possesses the capability to read sensitive credentials and perform network operations via curl and cli4, which could be leveraged to exfiltrate data or perform unauthorized account changes.
  • [PROMPT_INJECTION]: The skill processes untrusted data from local markdown files to parameterize shell commands, creating an attack surface for indirect prompt injection.
      * Ingestion points: ~/Projects/manager/DOMAINS.md and ~/Projects/manager/redirect-worker-mapping.md.
      * Boundary markers: None present; the skill treats content from these files as direct parameters for command execution.
      * Capability inventory: Network operations (cli4, curl), file system modification (git push), and local script execution across multiple binaries in the bin directory.
      * Sanitization: No evidence of validation, escaping, or filtering of the content read from the domain mapping files before it is used in CLI calls.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 24, 2026, 12:25 AM