Skills
skills/secondsky/sap-skills/sap-btp-service-manager/Gen Agent Trust Hub

sap-btp-service-manager

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and provides instructions for downloading official and well-known tools:
  • Downloads the Service Manager CLI (SMCTL) from the Peripli GitHub repository, a community project supported by SAP.
  • Installs the SAP BTP Service Operator for Kubernetes via official SAP Helm charts hosted on GitHub.
  • References cert-manager installation from its official GitHub releases.
  • [COMMAND_EXECUTION]: The skill provides a wide array of commands for system interaction:
  • Executes smctl, btp, and cf CLI tools for BTP resource management.
  • Uses kubectl and helm for managing Kubernetes-native service resources.
  • Includes a utility script oauth-token-request.sh that uses curl to interact with user-specified authentication endpoints.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection via data processed from external sources:
  • Ingestion points: Reads service instance names, plan descriptions, and parameters from SAP BTP APIs via smctl and btp CLI outputs, as well as Kubernetes secrets.
  • Boundary markers: The instructions recommend using structured output formats (JSON/YAML) which helps in separating data from instructions, though explicit LLM delimiters are not enforced.
  • Capability inventory: The skill has broad capabilities including file system access (writing token responses), network access (API calls), and command execution across multiple CLIs.
  • Sanitization: There is no explicit sanitization logic for external data; it relies on the agent's internal safety filters.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 15, 2026, 01:27 AM