tailscale-subnet-router-debug
Warn
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to perform high-risk system configuration changes. Evidence:
sysctl -w net.ipv4.ip_forward=1modifies kernel parameters to allow packet forwarding, andiptables -t nat -A POSTROUTING -o eth1 -j MASQUERADEmodifies firewall rules to enable network address translation.\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection by processing external tool output.\n - Ingestion points: The workflow parses output from
tailscale status --json(SKILL.md, Step 1) andtailscale debug prefs(SKILL.md, Step 3).\n - Boundary markers: Absent; the agent is directed to use results from these commands without protective delimiters or warnings to ignore potential instructions in the data.\n
- Capability inventory: The skill possesses the ability to execute shell commands and modify core system network settings (forwarding and NAT).\n
- Sanitization: No sanitization or verification of the command output is performed before it is used to determine subsequent actions.
Audit Metadata