netmap
Pass
Audited by Gen Agent Trust Hub on Mar 14, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script
scripts/netmap.pyinvokes system tools such asifconfigandarpviasubprocess.run(shell=True). Although the command strings are hardcoded within the script, using a shell environment to execute system binaries is a broader privilege than necessary for these tasks.\n- [DATA_EXFILTRATION]: The skill performs automated reconnaissance of the local network environment. It aggregates sensitive metadata—including internal IP addresses, hardware (MAC) addresses, and Tailscale node details—and returns this information to the agent context. This allows an agent to construct a map of the internal network and identify other connected devices.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted data from the local network environment and includes it in the model's context.\n - Ingestion points: The script
scripts/netmap.pyreads and parses output fromifconfig,arp -a, andtailscale status.\n - Boundary markers: There are no delimiters or instructions in the skill metadata to prevent the agent from being influenced by data found in network peer names or configuration strings.\n
- Capability inventory: The skill possesses the capability to execute shell commands and read network state via
scripts/netmap.py.\n - Sanitization: No escaping or validation is applied to the network-sourced strings before they are presented to the agent.
Audit Metadata