pageduty-oncall

Warn

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The authenticate function in scripts/pd-client.js interpolates the PAGEDUTY_API_TOKEN environment variable directly into a shell command string passed to execSync, without any escaping or validation. This allows arbitrary command execution if the variable's value contains shell metacharacters.
  • [CREDENTIALS_UNSAFE]: The skill uses the pd auth add --token command, which typically causes the PagerDuty CLI to store the provided API token in a plain-text configuration file on the local file system (e.g., ~/.config/pagerduty/config.json). This results in persistent credential exposure.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) because it ingests untrusted data from PagerDuty incident titles, logs, and notes to generate an analysis report.
      • Ingestion points: Incident titles, notes, and logs are fetched via scripts/fetch-pd.js and saved to the .pageduty-oncall-tmp/ directory.
      • Boundary markers: None. The model is instructed to read the JSON files and produce a report without explicit delimiters or warnings to ignore embedded instructions.
      • Capability inventory: The skill has access to Bash, Read, and Write tools, providing a significant attack surface if the agent is manipulated.
      • Sanitization: There is no evidence of sanitization or filtering of the external incident content before it is processed by the LLM.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 1, 2026, 03:48 AM