containing-active-security-breach (skills/mukul975/anthropic-cybersecurity-skills)
Result: Pass
Audited by Gen Agent Trust Hub on Mar 15, 2026
Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The automation scripts scripts/agent.py and scripts/process.py execute system-level commands (PowerShell, iptables, netsh) by interpolating variables directly into command strings without adequate shell escaping.
  - Evidence: scripts/agent.py uses f-strings in disable_ad_account and block_ip_firewall to build PowerShell commands. scripts/process.py uses similar patterns for firewall rules and for system discovery tools like netstat and ps.
- [EXTERNAL_DOWNLOADS]: The skill documentation and scripts recommend installing multiple third-party Python packages for API interaction and directory services.
  - Evidence: requests, ldap3, python-dateutil, pyyaml, and crowdstrike-falconpy are listed as requirements.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it ingests and acts upon data from external security tools (Splunk and CrowdStrike) whose content an attacker might influence.
  - Ingestion points: SIEM search results and EDR detection metadata processed in scripts/process.py.
  - Boundary markers: No delimiters or instruction-ignore markers are used when processing external data.
  - Capability inventory: The skill has high-privilege capabilities, including modifying firewall rules, disabling user accounts, and collecting system-wide process and network information.
  - Sanitization: Input variables such as hostnames and usernames receive minimal sanitization before being used in command execution logic.
Audit Metadata