performing-dns-enumeration-and-zone-transfer
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute several third-party command-line utilities for network reconnaissance, including dig, host, dnsrecon, dnsenum, subfinder, amass, gobuster, and httpx.
- [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection due to the processing of untrusted external data. * Ingestion points: Data is ingested from external DNS servers and third-party discovery tools (e.g., in SKILL.md steps 3 and 6). * Boundary markers: Absent; there are no protective delimiters or instructions to ignore potential commands embedded in DNS records or tool outputs. * Capability inventory: The skill executes network commands and performs file writes based on the processed data. * Sanitization: Absent; the workflow lacks sanitization or validation steps for content retrieved from external sources before it is passed to subsequent tools or shell loops.
Audit Metadata