pagerduty-oncall

Pass

Audited by Gen Agent Trust Hub on Mar 26, 2026

Risk Level: SAFE
PROMPT_INJECTION, DATA_EXFILTRATION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill fetches and processes user-generated content from PagerDuty, which constitutes an untrusted data source.
      • Ingestion points: Incident logs and notes fetched via pd incident log and pd incident notes (SKILL.md Step 7).
      • Boundary markers: No boundary markers or "ignore instructions" delimiters are used when passing this data to the agent.
      • Capability inventory: The agent has access to the Bash tool for executing shell commands and PagerDuty CLI operations.
      • Sanitization: The JavaScript filtering scripts (e.g., parse-log.js, parse-notes.js) extract data fields but do not perform sanitization or escaping to prevent the agent from obeying instructions embedded in notes.
  • [DATA_EXFILTRATION]: Potential Data Exposure. The execution logic in Step 6 redirects raw PagerDuty incident data to /tmp/pd-incidents-raw.json. In multi-user environments, files written to /tmp may be readable by other users, potentially exposing sensitive infrastructure or incident details.
  • [COMMAND_EXECUTION]: Over-privileged Tooling. The skill manifest requests Bash(chmod *) permissions in the allowed-tools section. However, this capability is not used by the scripts or in the execution instructions, violating the principle of least privilege.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 26, 2026, 11:31 PM