fiber-report
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface because it ingests data from external ADVA ALM devices to populate an HTML audit report.
- Ingestion points: Data enters the agent's context through MCP tools
alm_list_alarms,alm_get_port, andalm_get_measurement_historywhich fetch state from physical hardware. - Boundary markers: The skill lacks explicit delimiters or "ignore instructions" warnings when interpolating device-provided fields like
{PORT_NAME}or{FAILURE_DESCRIPTION}into the final report template. - Capability inventory: The skill utilizes file-writing capabilities (
alm_download_trace_to_file,generate_alm_diagrams, and manual HTML creation) to store reports locally. - Sanitization: There is no evidence of string sanitization or validation for the metadata retrieved from the hardware ports before it is processed by the agent.
Audit Metadata