incident-management
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references several external scripts (discover-oauth.js, build-auth-url.js, exchange-token.js) and instructs the environment to clone or copy them. No verified source, repository, or integrity check is provided for these files.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The instructions explicitly guide the user to execute these scripts in the agent's environment. Running unverified code from an unspecified origin to handle authentication is a significant security risk.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill documentation states it 'stores the necessary credentials for future use.' The lack of defined security protocols for local token storage or encryption increases the risk of credential theft.
- [PROMPT_INJECTION] (MEDIUM): Category 8 (Indirect Prompt Injection): The skill processes untrusted data from incident parameters and external server responses. 1. Ingestion points:
createIncidentparameters likenameandcategory, and outputs fromlistIncident(SKILL.md). 2. Boundary markers: No delimiters or instructions are provided to the agent to ignore embedded commands in these fields. 3. Capability inventory: Tool calls to create and retrieve data from an external incident management server. 4. Sanitization: No input validation or escaping mechanisms are mentioned for the incident data.
Audit Metadata