sailpoint-provisioning-failure-triage

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill relies on the sail CLI to execute shell commands for environment management (listing and switching environments) and to perform API calls. This allows the agent to interact with the local system and the remote SailPoint tenant.
  • [PROMPT_INJECTION]: The skill processes error messages and status data fetched from external SailPoint API responses. This creates an indirect prompt injection surface where data from the target systems could contain instructions designed to manipulate the agent's behavior.
    • Ingestion points: The skill parses result fields and messages from account activities, task statuses, and access request statuses (SKILL.md).
    • Boundary markers: There are no explicit markers or instructions provided to the agent to distinguish between data and potential instructions in the API responses.
    • Capability inventory: The skill provides the agent with the ability to execute shell commands and query APIs via the sail CLI.
    • Sanitization: No specific sanitization or validation is implemented to filter or escape instructions within the ingested data before it is presented to the user or used in reasoning.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 11:28 AM