catc-client-ops

Warn

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically constructs shell commands using environment variables ($CATC_MCP_SCRIPT, $MCP_CALL, $GAIT_MCP_SCRIPT) to define the paths of scripts and execution handlers. This relies on the security of the environment to prevent execution of unauthorized code paths.
  • [CREDENTIALS_UNSAFE]: Sensitive credentials such as CCC_PWD (Catalyst Center Password) are passed as environment variables directly in the shell command string (e.g., CCC_PWD=$CCC_PWD). On many operating systems, these values are visible to all users on the system via process monitoring tools like ps and may be recorded in shell history files.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it processes untrusted data from an external network management system.
      • Ingestion points: The skill retrieves client-controlled data such as hostnames, MAC addresses, and OS types from the Cisco Catalyst Center /dna/data/api/v1/clients and related endpoints.
      • Boundary markers: None. The skill does not provide instructions to the agent to treat the API response as potentially untrusted or to ignore embedded instructions within the data.
      • Capability inventory: The skill has the capability to execute shell commands and write records to an audit trail via the GAIT MCP script, which could be abused if the agent is manipulated by injected data.
      • Sanitization: None. There is no evidence of sanitization or escaping of the network-sourced data before it is interpolated into the agent's context.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Mar 6, 2026, 12:31 AM