Trust Assessment
dns-networking received a trust score of 54/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Potential Command Injection via `docker exec` placeholder, Documentation of privileged `sudo` commands.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints HTTP request to raw IP address Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/gitgoodordietrying/dns-networking/SKILL.md:222 | |
| HIGH | Potential Command Injection via `docker exec` placeholder The skill provides an example command `docker exec my-container nc -zv db 5432`. If an AI agent substitutes user-controlled input for `my-container` without proper shell escaping, an attacker could inject arbitrary shell commands. For example, providing `"; rm -rf /;"` as the container name would lead to execution of `rm -rf /` by the shell before `docker exec` is invoked. When executing commands with user-provided input, ensure all variables are properly escaped or validated to prevent shell metacharacters from being interpreted as commands. For `docker exec`, the container name should be strictly validated or quoted using `printf %q`. | LLM | SKILL.md:154 | |
| MEDIUM | Documentation of privileged `sudo` commands The skill includes many examples of commands that require `sudo` (e.g., `sudo iptables`, `sudo ufw`, `sudo dscacheutil`, `sudo systemd-resolve`). If the AI agent's execution environment allows it to run commands with `sudo` privileges, and it generates or executes these commands with user-controlled arguments, it could lead to privilege escalation and arbitrary command execution. The skill normalizes the use of `sudo` for debugging, which is common, but poses a significant risk in an automated agent context. AI agent execution environments should strictly control or disallow `sudo` commands from untrusted skill content. If `sudo` is necessary, implement robust input validation and whitelisting for commands and arguments, and ensure the agent cannot pass arbitrary user input to privileged commands. | LLM | SKILL.md:60 | |
| LOW | Example shows credentials in plain text proxy URL The skill demonstrates how to configure a proxy with credentials embedded directly in the URL (`http://user:password@proxy.example.com:8080`). While this is a common configuration pattern, if an AI agent were to use this pattern with real credentials (e.g., from its context or user input), it could lead to sensitive information being exposed in environment variables, command history, or logs, making it vulnerable to credential harvesting. Avoid embedding credentials directly in URLs or environment variables. Use secure credential management systems (e.g., secret stores, environment variables loaded securely) and pass credentials to tools via secure methods (e.g., stdin, dedicated configuration files with restricted permissions) where possible. | LLM | SKILL.md:260 |
Scan History
Embed Code
[](https://skillshield.io/report/056bc47f58091901)
Powered by SkillShield