subdomain-takeover
Pass
Audited by Gen Agent Trust Hub on Apr 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill describes a methodology that involves ingesting and analyzing untrusted data from external sources, which presents an attack surface for indirect prompt injection.
- Ingestion points: The agent is instructed to resolve DNS records (using
dig) and fetch HTTP response content (usingcurl) from target subdomains (SKILL.md, Sections 2, 4, 5, and 8). - Boundary markers: The instructions lack explicit boundary markers or directions to treat the external data as non-executable text, potentially allowing malicious content in those responses to influence the agent's logic.
- Capability inventory: The process involves executing various CLI tools including
dig,curl,aws,heroku, andgitbased on the interpretation of the external data (SKILL.md, Sections 2, 4, and 5). - Sanitization: There are no provisions for sanitizing or validating the content received from external services before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute various system commands and third-party CLI tools to perform detection and exploitation tasks.
- Evidence: Procedures include commands such as
dig,curl,aws s3 mb,heroku domains:add, andgit(SKILL.md, Sections 2, 4, and 5).
Audit Metadata