catc-client-ops
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script identified by the $CATC_MCP_SCRIPT environment variable to perform network tasks.
- [CREDENTIALS_UNSAFE]: Sensitive passwords are passed as environment variables directly on the command line (e.g., CCC_PWD=$CCC_PWD python3). This is a known security risk because these variables can be seen by other users or monitoring software on the same machine.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection from retrieved network data.
  - Ingestion points: The agent processes client hostnames, SSID names, and site information from Catalyst Center (SKILL.md).
  - Boundary markers: There are no instructions or delimiters in the skill to help the agent distinguish between data and potentially malicious embedded instructions.
  - Capability inventory: The skill has the ability to execute local scripts and summarize data for the user (SKILL.md).
  - Sanitization: There is no evidence of data sanitization or validation performed on information received from the network controller.
Audit Metadata