domain-puppy

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by reading user-controlled project files (e.g., README.md, package.json) to generate brainstorming context. However, it implements proactive mitigations in the system instructions.
  • Ingestion points: Project configuration and documentation files (SKILL.md, Step 2).
  • Boundary markers: While explicit delimiters are not defined in the prompt interpolation, the skill provides a strong negative constraint instructing the agent to treat file content as untrusted input and ignore any embedded instructions or prompts.
  • Capability inventory: Network access via MCP tools to a dedicated Cloudflare Worker for domain lookup and pricing data.
  • Sanitization: The agent is instructed to extract only specific metadata (project name, description, keywords) for context.
  • [EXTERNAL_DOWNLOADS]: The skill communicates with a custom Cloudflare Worker proxy (domain-puppy-proxy.mattjdalley.workers.dev) to perform domain availability and aftermarket pricing checks. This architectural design ensures that third-party API credentials (Fastly, Sedo) remain server-side and are never exposed to the client or the local environment.
  • [COMMAND_EXECUTION]: The skill uses local file read capabilities (Glob and File.read) to analyze project context. These operations are restricted to specific, well-known configuration files and do not involve arbitrary command execution or shell spawning.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 4, 2026, 04:38 AM