security-alert-triage
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE COMMAND_EXECUTION DATA_EXFILTRATION PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute Node.js scripts from the command line to perform security operations, including fetching alerts, running queries, and acknowledging alerts. The scripts/kibana-client.js script allows disabling TLS certificate verification if the KIBANA_INSECURE environment variable is enabled, which could expose the agent to man-in-the-middle attacks.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it ingests untrusted data from security alerts and log events into the agent's context.
  * Ingestion points: Alert data retrieved in scripts/fetch-next-alert.js and query results from scripts/run-query.js.
  * Boundary markers: The skill does not explicitly use boundary markers for tool output, though it instructs the agent to report output verbatim.
  * Capability inventory: The skill can modify alert statuses via the Kibana API (scripts/acknowledge-alert.js) and perform file operations for temporary query storage.
  * Sanitization: No sanitization of ingested alert fields was identified.
- [DATA_EXFILTRATION]: The scripts perform network operations to user-defined Elasticsearch and Kibana endpoints. These operations are used to fetch and transmit security alert data and authentication tokens.
Audit Metadata