domain-mask
Warn
Audited by Gen Agent Trust Hub on Jul 7, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill requires administrative privileges via
sudoto modify the system's/etc/hostsfile and listen on privileged network port 443. It also invokes system commands likemkcertandwhichviaexecSyncto manage local certificates.\n- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by proxying external content.\n - Ingestion points: Data from the user-provided
target-urlis piped through the proxy inscripts/domain-mask.mjs.\n - Boundary markers: Absent. The skill does not wrap proxied content in delimiters or provide safety warnings to the agent.\n
- Capability inventory: The skill possesses high-privilege capabilities including writing to
/etc/hosts, binding to port 443, and executing CLI commands.\n - Sanitization: Absent. The documentation explicitly notes that the tool does not rewrite or sanitize response bodies from the target URL.
Audit Metadata