domaindetails
Warn
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references an external Node.js package 'domaindetails' to be executed via npx. This package is downloaded from the public npm registry and does not originate from a recognized or established organization.
- [COMMAND_EXECUTION]: The skill uses curl to perform network requests to mcp.domaindetails.com and api.domaindetails.com.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface as it accepts user-provided domain names for use in API requests and CLI execution.
  1. Ingestion points: domain parameters in URLs and CLI arguments in SKILL.md.
  2. Boundary markers: No markers or warnings are present to isolate the domain input from the command context.
  3. Capability inventory: Use of curl for web requests and npx for package execution.
  4. Sanitization: The skill does not demonstrate any input validation or escaping for the domain strings.
Audit Metadata