Skills
skills/varnan-tech/opendirectory/brand-alchemy/Gen Agent Trust Hub

brand-alchemy

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the AI agent to execute a bundled Python script (scripts/domain_checker.py) using the Bash tool to perform domain availability lookups.
  • [EXTERNAL_DOWNLOADS]: The domain_checker.py script connects to the rdap.org service to fetch domain registration information. rdap.org is a recognized well-known service for domain data.
  • [EXTERNAL_DOWNLOADS]: The bundled domain checker script disables SSL certificate verification (ssl.CERT_NONE) when making requests to the RDAP service.
  • [PROMPT_INJECTION]: The skill creates an indirect prompt injection surface by ingesting user-provided brand details and using AI-generated names as shell command arguments without explicit sanitization or boundary markers. * Ingestion points: User input captured during 'The Interrogation' phase in SKILL.md (Step 1). * Boundary markers: Absent. * Capability inventory: Subprocess calls via the Bash tool for running the Python script. * Sanitization: None provided for the generated names before shell execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 06:58 AM