cisco-ise-cli
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill wraps functionality of the cisco-ise CLI tool, allowing the agent to execute network management and identity operations on the connected ISE infrastructure.\n- [DATA_EXFILTRATION]: Technical documentation notes that high-privilege commands like network-device get can expose sensitive information, including RADIUS shared secrets in plain text.\n- [CREDENTIALS_UNSAFE]: The skill describes using environment variables for credential storage while explicitly recommending the use of Secret Server or vault-based references for production environments.\n- [EXTERNAL_DOWNLOADS]: References a dependency on the ss-cli tool to enable secure password resolution from external secret management systems.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its integration with external data sources.\n
- Ingestion points: The agent processes responses from the Cisco ISE API and local CSV files during endpoint management.\n
- Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided instructions.\n
- Capability inventory: The skill has the ability to execute shell commands, perform network operations, and write to a local audit log file.\n
- Sanitization: No specific data validation or sanitization steps are documented for processing API or file-based inputs.
Audit Metadata