Skills
skills/fldc/agent-skills/loopia-dns/Gen Agent Trust Hub

loopia-dns

Pass

Audited by Gen Agent Trust Hub on Apr 2, 2026

Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill accesses a local configuration file to load credentials for the Loopia API.
  • Evidence: The script scripts/loopia_dns_cli.py reads sensitive data from ~/.config/ehh-skills/config.env and environment variables (LOOPIA_USER, LOOPIA_PASSWORD). These credentials are transmitted to the Loopia XML-RPC endpoint (https://api.loopia.se/RPCSERV) to authenticate requests. While this is necessary for the skill's functionality, it involves handling sensitive authentication tokens and reading from a hidden configuration directory.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion of external DNS record data.
  • Ingestion points: The list-records and list-a-records commands in scripts/loopia_dns_cli.py fetch subdomain names and record data (rdata) from the Loopia API.
  • Boundary markers: There are no explicit boundary markers or delimiters used when presenting the fetched DNS data to the agent in the instructions.
  • Capability inventory: The skill possesses mutation capabilities, including the ability to add, update, and remove DNS records via addZoneRecord, updateZoneRecord, and removeZoneRecord methods.
  • Sanitization: The script uses standard XML-RPC and JSON libraries for data serialization, but does not perform content-level sanitization of the DNS record values before they are processed by the agent.
  • Risk: An attacker who controls a DNS record in a zone managed by this skill could potentially embed malicious instructions in the record data (e.g., in a TXT record) to influence the agent's behavior during inspection.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 2, 2026, 10:31 AM