Skills
skills/l3digital-net/claude-code-plugins/pihole/Gen Agent Trust Hub

pihole

Fail

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: Provides the official Pi-hole installation command which fetches and executes a script from a remote server.
  • Evidence: curl -sSL https://install.pi-hole.net | bash in SKILL.md.
  • Context: The script is sourced from the official Pi-hole project domain, which is a well-known service.
  • [COMMAND_EXECUTION]: Includes commands that require elevated privileges to modify system-level configuration files.
  • Evidence: Shell commands in references/configuration.md such as sudo sed -i ... /etc/systemd/resolved.conf and sudo rm /etc/resolv.conf.
  • Context: These operations are intended to resolve network port conflicts but involve high-privilege changes to the host operating system.
  • [COMMAND_EXECUTION]: Vulnerability surface for indirect prompt injection.
  • Ingestion points: SKILL.md (triggers on pi-hole, ad blocker, etc.).
  • Boundary markers: Absent.
  • Capability inventory: pihole CLI, sudo system modifications, systemctl service control.
  • Sanitization: Absent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://install.pi-hole.net - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 18, 2026, 01:37 PM