cisco-ise-cli
Warn
Audited by Gen Agent Trust Hub on Mar 20, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides an interface to the 'cisco-ise' CLI, enabling the agent to execute management operations on Cisco ISE, including modifying network devices, managing user accounts, and terminating sessions.
- [CREDENTIALS_UNSAFE]: The skill documentation explicitly notes that the 'network-device get' command returns RADIUS shared secrets in plaintext. It also suggests using environment variables (e.g., CISCO_ISE_PASSWORD) for ISE credentials and notes that the '--insecure' flag is commonly required, which disables SSL certificate validation.
- [DATA_EXFILTRATION]: The CLI enables access to sensitive network data, including active session details, MAC addresses, internal user lists, and RADIUS authentication logs.
- [PROMPT_INJECTION]: The skill has a large attack surface for indirect prompt injection as it ingests data from a network environment that can be influenced by untrusted users or devices. \n
- Ingestion points: Data from ISE commands such as 'session list', 'radius troubleshoot', 'endpoint list', and 'guest list'. \n
- Boundary markers: Absent; no instructions are provided to the agent to treat external network data as untrusted or to use delimiters. \n
- Capability inventory: Highly sensitive write operations across 'endpoint', 'network-device', 'internal-user', 'guest', and 'session' command groups. \n
- Sanitization: None documented; the tool provides a '--format toon' option intended for direct agent consumption without mentioning filtering of malicious content.
Audit Metadata