catc-inventory
Warn
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: MEDIUM
CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to execute commands using the pattern CCC_PWD=$CCC_PWD python3 -u $CATC_MCP_SCRIPT. Passing passwords as environment variables on the command line is insecure as they may be visible in process listings or system logs.
- [COMMAND_EXECUTION]: The skill's core functionality relies on the execution of shell commands through a custom $MCP_CALL wrapper. It dynamically constructs these commands using several environment variables ($CATC_MCP_SCRIPT, $MCP_CALL), making the execution flow dependent on external environment configuration.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection.
  - Ingestion points: Network device data (hostnames, serial numbers, platform IDs, location names) and site hierarchies are fetched from the Catalyst Center API via fetch_devices and fetch_sites.
  - Boundary markers: The instructions lack specific delimiters or "ignore embedded instructions" directives when processing or reporting this data.
  - Capability inventory: The skill can execute Python scripts ($CATC_MCP_SCRIPT, $PYATS_MCP_SCRIPT) and record activities via $GAIT_MCP_SCRIPT.
  - Sanitization: There is no evidence of sanitization or validation of the strings retrieved from the network controller before they are included in generated reports or GAIT records.