cybercentry-cyber-security-consultant
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFE (flagged categories: EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill directs users to clone a repository from GitHub (Virtual-Protocol/openclaw-acp) and install dependencies using npm. While this is part of the intended setup for the Agent Commerce Protocol, it involves executing unverified third-party code.
- [COMMAND_EXECUTION]: Documentation provides shell script examples that parse external API responses using jq and execute local scripts (e.g., ./grant-access.sh) based on the content of those responses.
- [DATA_EXFILTRATION]: The core functionality involves sending user-provided security queries and context to Cybercentry's external servers. Although the skill provides extensive warnings to sanitize data, the primary workflow involves remote data transmission.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface (Category 8). It ingests data from an external service (the consultation response) and uses it to influence the agent's logic and local command execution.
  - Ingestion points: Data enters the local environment via the acp job status command response (SKILL.md).
  - Boundary markers: Output is received in JSON format, providing structural delimitation, but no instruction-level sanitization is mentioned for the response content.
  - Capability inventory: The system can execute local scripts and make access control decisions (SKILL.md).
  - Sanitization: While the skill emphasizes sanitizing user input, it lacks guidance on validating or sanitizing the external output before using it in security-sensitive automation scripts.