fleet-inventory
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows secure design principles by separating discovery from remediation and requiring pre-flight validation of the environment via the /mcp-lightspeed-validator skill.
- [COMMAND_EXECUTION]: Operations are limited to specific MCP tools (get_host_details, get_cve_systems) provided by the lightspeed-mcp server, which prevents arbitrary command execution.
- [CREDENTIALS_UNSAFE]: No hardcoded credentials detected. The skill utilizes environment variables for authentication and includes documentation in references/05-error-handling.md explicitly warning against echoing these secrets.
- [PROMPT_INJECTION]: No evidence of instructions designed to bypass agent safety guardrails or override system prompts was detected.
Audit Metadata