pyats-security

Warn

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses 'npx -y nvd-cve-mcp-server' to download and execute code directly from the NPM registry at runtime. This dynamic execution of an unverified package bypasses static security reviews and poses a supply chain risk.
  • [EXTERNAL_DOWNLOADS]: Fetches and runs external software without version pinning or integrity verification via the npx utility.
  • [CREDENTIALS_UNSAFE]: References '$ISE_USERNAME' and '$ISE_PASSWORD' environment variables to interact with Cisco ISE. Passing credentials as environment variables to subprocesses can lead to sensitive data leakage in process trees or system logs.
  • [COMMAND_EXECUTION]: Executes multiple shell commands and scripts through a generic '$MCP_CALL' wrapper, including the dynamic npx command and scripts for configuration extraction.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection as it processes untrusted data from network devices and external vulnerability databases.
  • Ingestion points: Running configurations pulled from network devices (Step 1) and vulnerability data retrieved from the NVD CVE server.
  • Boundary markers: None implemented to distinguish between configuration data and agent instructions.
  • Capability inventory: Significant capabilities including shell command execution and remote auditing via '$MCP_CALL'.
  • Sanitization: No validation or sanitization is performed on configuration content or CVE descriptions before they are processed or logged into GAIT.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 17, 2026, 02:29 PM