pyats-network
Warn
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION)
Full Analysis
- [COMMAND_EXECUTION]: The tool `pyats_run_linux_command` allows the execution of arbitrary shell commands on Linux-based devices defined in the testbed.
- [REMOTE_CODE_EXECUTION]: The tool `pyats_run_dynamic_test` accepts a full Python script as input and executes it. Although the skill documentation lists banned imports (like `os` and `subprocess`) and functions (like `exec` and `eval`), the execution of dynamically provided code remains a high-risk pattern.
- [DATA_EXFILTRATION]: The tools `pyats_show_running_config` and `pyats_show_logging` allow the retrieval of sensitive network configurations and system logs. While intended for auditing, this data can contain credentials, network topology details, and security policies.
- [INDIRECT_PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it ingests untrusted data from network devices.
  - Ingestion points: Device outputs from `pyats_run_show_command`, `pyats_show_running_config`, and `pyats_show_logging` (e.g., interface descriptions or log messages controlled by an external actor).
  - Boundary markers: None are defined to separate device output from agent instructions.
  - Capability inventory: The skill has significant 'write' and 'execute' capabilities, including `pyats_configure_device`, `pyats_run_linux_command`, and `pyats_run_dynamic_test`.
  - Sanitization: While Genie parsing provides structured data, raw text is also processed, and there is no evidence of sanitization to prevent the agent from obeying instructions embedded in device data.