dns-security

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill instructs the agent to locate and present specific configuration snippets/evidence from zone and resolver files (and to check key material like DNSSEC/TSIG), which can contain secrets or keys that the LLM would output verbatim, creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow explicitly instructs the agent to verify and analyze third-party RPZ/protective-DNS feeds and DNS zone/configuration content (Step 4.1: "Verify RPZ zone content and update mechanism" and related checks of TXT/zone data), which are untrusted external data sources the agent must read and which can materially influence findings and remediation decisions.