cml-node-operations
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides the execute_command tool, which allows for the execution of CLI commands on network nodes within a CML environment using pyATS.
- [EXTERNAL_DOWNLOADS]: The skill documentation indicates a dependency on the cml-mcp Python package, which must be installed via pip.
- [CREDENTIALS_UNSAFE]: The skill relies on environment variables (CML_USERNAME, CML_PASSWORD) for authentication, which is a standard but sensitive method for managing server access.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection due to its processing of untrusted data from network devices.
  - Ingestion points: External data enters the agent context through get_node_console_log (device logs), execute_command (CLI output), and get_node_config (configurations), as described in SKILL.md.
  - Boundary markers: No explicit delimiters or instructions are used to signal the agent to ignore or isolate instructions that might be embedded in the retrieved device data.
  - Capability inventory: Across its tools, the skill can execute commands (execute_command), modify node configurations (set_node_config), and perform lifecycle actions (stop_node, wipe_node) via the CML API.
  - Sanitization: There is no evidence of data sanitization or validation performed on the information retrieved from nodes before it is interpreted by the agent.
Audit Metadata