net-ops
Pass
Audited by Gen Agent Trust Hub on Jun 21, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes platform-specific networking utilities (such as nslookup, dig, scutil, and resolvectl) to perform structured diagnostics. This is consistent with its primary purpose of identifying network and DNS resolution faults.
- [REMOTE_CODE_EXECUTION]: A core feature of the skill is the ability to run its diagnostic scripts on remote hosts via SSH. The
ssh-bootstrap.shscript facilitates this by providing invocation patterns for transferring and executing local skill scripts on target systems. - [SAFE]: The skill includes an operational security layer (
scripts/_lib/redact.sh) that automatically masks sensitive identifiers such as private IP addresses, MAC addresses, and internal tailnet names from the diagnostic output before it is presented to the user or agent. - [SAFE]: Repair scripts, such as those for cleaning orphaned VPN DNS rules, default to a dry-run mode. They require an explicit
--applyor-Applyflag to perform modifications, which serves as a safety guardrail against unintended system changes.
Audit Metadata