Skills
skills/cmds-cc/skills/cisco-axl-cli/Gen Agent Trust Hub

cisco-axl-cli

Pass

Audited by Gen Agent Trust Hub on Apr 6, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill requires the installation of the cisco-axl package globally via npm or execution via npx. It also suggests installing json-variables and csv-parse for bulk provisioning tasks.
  • [COMMAND_EXECUTION]: The skill enables management of Cisco CUCM through a CLI tool that can execute CRUD operations, arbitrary SQL queries, and dynamic AXL operations.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by processing user-provided CSV files and JSON templates. 1. Ingestion points: Reads data from local CSV (--csv) and JSON (--template, --vars) files. 2. Boundary markers: No markers or instructions are provided to the agent to ignore embedded commands within the processed data. 3. Capability inventory: The tool performs network operations (CUCM API calls), file system reads, and writes to an audit log file (~/.cisco-axl/audit.jsonl). 4. Sanitization: No explicit sanitization or validation of the external content is described before execution.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 6, 2026, 02:04 AM