cisco-cdr-mcp
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE | EXTERNAL_DOWNLOADS | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the user to configure an external HTTP MCP server at 'https://cdr-backend.tuce.ohsu.edu/mcp' to handle CDR and CMR data processing.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by retrieving untrusted data (device names, user descriptions, call records) from an external database and injecting it into the agent's context.
  - Ingestion points: The 'cdr_search', 'cdr_trace', 'cdr_quality', 'cdr_stats', and 'cdr_health' tools all return records from an external database.
  - Boundary markers: The skill does not provide instructions for the agent to use delimiters or ignore instructions embedded within the retrieved records.
  - Capability inventory: The agent may have access to sensitive tools (shell, filesystem) while processing this external data.
  - Sanitization: There is no mention of sanitization or validation of the data retrieved from the MCP server.
- [COMMAND_EXECUTION]: The 'cdr_trace' tool is designed to return a 'ready-to-run' command string ('sdl_trace_command') for use with the 'cisco-dime' utility. This creates a dependency on external data to generate executable command lines.
Audit Metadata