Skills
skills/delexw/claude-code-misc/pagerduty-oncall/Gen Agent Trust Hub

pagerduty-oncall

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses the Bash tool to execute PagerDuty CLI commands (pd auth, pd incident list, etc.) and Node.js helper scripts for data processing and analysis.
  • [EXTERNAL_DOWNLOADS]: Mentions the PagerDuty CLI (martindstone/pagerduty-cli), a well-known community utility for interacting with the PagerDuty REST API.
  • [PROMPT_INJECTION]: The skill processes untrusted data from external sources, specifically PagerDuty incident logs and notes, which could contain adversarial content intended to influence the agent.
  • Ingestion points: Incident details, log entries, and notes are fetched via pd incident log and pd incident notes as described in SKILL.md.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the prompt templates when processing this data.
  • Capability inventory: The skill possesses significant capabilities including Bash execution, node script execution, and Write/Edit tools for report generation.
  • Sanitization: The helper scripts scripts/parse-log.js and scripts/parse-notes.js perform structural filtering by extracting specific JSON fields, but they do not sanitize or escape the string content within those fields.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 14, 2026, 01:29 PM