pagerduty-automation
Pass
Audited by Gen Agent Trust Hub on Apr 1, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [INDIRECT_PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from PagerDuty incidents, notes, and alerts which are potentially attacker-controlled.
- Ingestion points: Data enters the agent's context through tools like PAGERDUTY_FETCH_INCIDENT_LIST and PAGERDUTY_GET_ALERTS_BY_INCIDENT_ID (SKILL.md).
- Boundary markers: The skill does not define delimiters or provide instructions to ignore embedded commands within the retrieved data.
- Capability inventory: The toolset includes extensive write permissions, such as updating incidents, services, and schedules, which could be abused if an injection is successful (SKILL.md).
- Sanitization: No explicit sanitization or validation of external content is mentioned in the setup or workflows.
Audit Metadata