domain-dns-ops
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill interacts with the local file system to execute custom scripts located in the ~/Projects/manager/bin directory, such as namecheap-set-ns and cloudflare-ai-bots, as part of its core functionality.
- [CREDENTIALS_UNSAFE]: The instructions direct the agent to source sensitive environment variables, including CLOUDFLARE_API_TOKEN and CF_API_TOKEN, from standard shell profiles (~/.profile) or project-specific configuration files. This follows established patterns for local developer tooling.
- [DATA_EXPOSURE]: The skill reads from local Markdown files (DOMAINS.md, DNS.md, redirect-worker-mapping.md) to determine the state and intended configuration for domain management operations.
- [PROMPT_INJECTION]: There is a surface for indirect prompt injection because the agent treats the content of files within ~/Projects/manager as the authoritative source of truth. If these local files were compromised, they could potentially influence the agent's actions during execution.
  - Ingestion points: ~/Projects/manager/DOMAINS.md, ~/Projects/manager/DNS.md, ~/Projects/manager/redirect-worker-mapping.md.
  - Boundary markers: None identified; the agent is instructed to use these files as primary instructions.
  - Capability inventory: Execution of cli4 commands, execution of local binaries in bin/, and Git operations (commit/push).
  - Sanitization: None identified; the skill relies on the integrity of the local project files.
Audit Metadata