brand-alchemy
Pass
Audited by Gen Agent Trust Hub on May 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes a local Python script (scripts/domain_checker.py) via the Bash tool to check domain availability. This script performs DNS resolutions and RDAP queries, which are standard for the skill's naming functions.
- [PROMPT_INJECTION]: The skill has an indirect prompt injection surface because it takes user-provided strings and uses them as command-line arguments for the domain checker.
  - Ingestion points: User-supplied brand names in the conversation (SKILL.md).
  - Boundary markers: Absent; the instructions do not use delimiters to wrap the user input when passed to the shell.
  - Capability inventory: Uses Bash to run local scripts and Read to access local playbooks.
  - Sanitization: Absent; however, the domain_checker.py script uses standard library functions for lookups rather than shell-executing commands on the input, which significantly limits the risk.
- [SAFE]: The network activity performed by the domain checker targets rdap.org, a well-known public registry data service. SSL certificate verification is disabled in the script, which is a common but minor violation of security best practice in this context.