ise-incident-response
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `python3 $MCP_CALL` to execute commands that include script paths defined in environment variables such as `$ISE_MCP_SCRIPT`, `$SERVICENOW_MCP_SCRIPT`, and `$GAIT_MCP_SCRIPT`. This creates a dynamic execution path where the agent's behavior depends on the content and location of external scripts.
- [CREDENTIALS_UNSAFE]: Authentication credentials (`$ISE_USERNAME` and `$ISE_PASSWORD`) are passed as environment variables within a command-line string. This practice can potentially expose credentials in system process logs or process monitors.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks (Category 8) as it processes data from external network services.
  - Ingestion points: Data enters the agent's context through tools like `endpoints`, `active_sessions`, and `network_access_authorization_rules` (file: SKILL.md).
  - Boundary markers: The skill provides a structured template for the 'ENDPOINT INVESTIGATION SUMMARY' but lacks explicit delimiters or instructions to ignore embedded commands within the retrieved network data.
  - Capability inventory: The skill possesses the ability to modify endpoint group memberships in ISE, create and comment on ServiceNow incidents, and record audit trails in GAIT.
  - Sanitization: There are no explicit instructions for the agent to sanitize or escape data retrieved from ISE before using it in the 'Risk Assessment' or ServiceNow incident descriptions.
Audit Metadata