Skills
skills/automateyournetwork/netclaw/pyats-topology/Gen Agent Trust Hub

pyats-topology

Pass

Audited by Gen Agent Trust Hub on Mar 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands through variables like $MCP_CALL and $PYATS_MCP_SCRIPT to run network commands and interact with backend tools.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests untrusted data from network devices without explicit sanitization.
  • Ingestion points: Network device command outputs in SKILL.md (e.g., show cdp neighbors detail, show arp, show ip ospf neighbor).
  • Boundary markers: No delimiters or ignore-instructions markers are used for external data.
  • Capability inventory: The skill has access to shell execution via $MCP_CALL and interaction with NetBox and GAIT APIs.
  • Sanitization: No input validation or character escaping is defined for the discovered network data.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 17, 2026, 03:36 AM