The Agent Skills Directory

[COMMAND_EXECUTION]: The skill interpolates the {domain} and {subdomain} variables directly into Bash shell commands, such as dig +short MX {domain}. Without explicit validation of these inputs to ensure they are valid domain names, an attacker could provide input containing shell metacharacters like semicolons or pipes to execute arbitrary commands on the host system.
[PROMPT_INJECTION]: The skill ingests untrusted data from external DNS records which could contain malicious instructions designed to influence the agent's behavior via Indirect Prompt Injection. Ingestion points: DNS query results for MX, TXT, NS, CNAME, and SRV records. Boundary markers: No delimiters or warnings are used to separate record data from instructions. Capability inventory: Usage of Bash for DNS queries via the dig utility. Sanitization: No filtering or escaping is applied to the values returned from the DNS queries before they are processed by the agent.
[COMMAND_EXECUTION]: The skill relies on external shell scripts located at relative paths, specifically ../../../hooks/skills/pre_network_skill_hook.sh. This creates a dependency on a specific host file system layout and assumes the integrity of scripts outside the skill's own directory.

dns-intelligence