pctl
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface (Category 8) because it retrieves and processes data from external sources that could contain malicious instructions.
- Ingestion points: The agent fetches data from cloud tenants and local files using
pctl log search,pctl log changes, andpctl journey run. - Boundary markers: No delimiters or instructions to ignore embedded commands are specified in the prompts.
- Capability inventory: The skill utilizes the
pctlCLI which has network access, file system write permissions (log output), and local container management capabilities (ELK stack). - Sanitization: There is no evidence of log content sanitization or validation before processing.
- [COMMAND_EXECUTION]: The skill facilitates the execution of the
pctlCLI tool, which is used to manage local ELK stack infrastructure (start/stop/init containers) and perform administrative actions on identity tenants. While these are legitimate functions for this tool, they represent a significant capability surface controlled by the agent.
Audit Metadata