cisco-ucce-cli
Warn
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill requires the installation of the
cisco-uccepackage from the public NPM registry, which is an external and unverified dependency.\n- [COMMAND_EXECUTION]: The skill's workflows rely on executing shell commands, including thecisco-ucceutility,watch,jq, and bash loops to interact with remote Cisco systems.\n- [CREDENTIALS_UNSAFE]: The documentation instructs users to store usernames and passwords for multiple Cisco services in a local configuration file (~/.cisco-ucce/config.json).\n- [DATA_EXFILTRATION]: The skill provides tools to retrieve and export sensitive diagnostic information from production servers, such as network configurations (ipconfig,netstat), running processes, and administrative logs.\n- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes and displays data from external Cisco APIs (e.g., agent and team lists) without sanitization.\n - Ingestion points: Data enters the agent context through
cisco-uccecommand outputs from Finesse, AW, CVP, and VVB APIs.\n - Boundary markers: The instructions lack delimiters or warnings to ignore instructions that might be embedded in the API responses.\n
- Capability inventory: The skill can execute shell commands and write to the local file system (e.g., exporting CSVs).\n
- Sanitization: No mechanisms for validation or sanitization of the content retrieved from the Cisco APIs are described or implemented.
Audit Metadata