cml-lab-lifecycle

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface.
  • Ingestion points: The import_lab tool accepts and processes external topology data in YAML format.
  • Boundary markers: The skill does not include specific instructions to the agent to ignore or isolate instructions that might be embedded within the YAML topology data.
  • Capability inventory: The skill has extensive control over the CML environment, including the ability to create, start, stop, and delete labs, and export node configurations.
  • Sanitization: There is no documentation regarding the validation or sanitization of the YAML input before it is processed by the CML server.
  • [EXTERNAL_DOWNLOADS]: The skill requires the cml-mcp package to be installed via pip. This is a vendor-owned component for CML integration.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 18, 2026, 06:12 AM