security-case-management
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: This skill provides administrative functionality for Elastic Security case management, allowing analysts to create, update, and search for security incidents.
- [COMMAND_EXECUTION]: The skill utilizes a local Node.js script (
case-manager.js) to interact with the Kibana REST API. Subprocess execution is restricted to the specific CLI tool and does not allow for arbitrary shell injection. - [PROMPT_INJECTION]: The skill has an indirect injection surface as it retrieves and displays case data (titles, descriptions, comments) which could contain malicious instructions.
- Ingestion points:
case-manager.js(commands: list, find, get). - Boundary markers: Absent.
- Capability inventory: Ability to create/update cases and add comments via
case-manager.js. - Sanitization: Data retrieved from the API is presented directly to the agent context without escaping.
- [EXTERNAL_DOWNLOADS]: No remote scripts or binary assets are downloaded or executed at runtime. All operations are performed against the user-configured Kibana instance.
Audit Metadata