net-ops

Pass

Audited by Gen Agent Trust Hub on Jun 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes platform-specific networking utilities (such as nslookup, dig, scutil, and resolvectl) to perform structured diagnostics. This is consistent with its primary purpose of identifying network and DNS resolution faults.
  • [REMOTE_CODE_EXECUTION]: A core feature of the skill is the ability to run its diagnostic scripts on remote hosts via SSH. The ssh-bootstrap.sh script facilitates this by providing invocation patterns for transferring and executing local skill scripts on target systems.
  • [SAFE]: The skill includes an operational security layer (scripts/_lib/redact.sh) that automatically masks sensitive identifiers such as private IP addresses, MAC addresses, and internal tailnet names from the diagnostic output before it is presented to the user or agent.
  • [SAFE]: Repair scripts, such as those for cleaning orphaned VPN DNS rules, default to a dry-run mode. They require an explicit --apply or -Apply flag to perform modifications, which serves as a safety guardrail against unintended system changes.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 21, 2026, 07:50 PM
Security Audit — agent-trust-hub — net-ops