cisco-ise-cli
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides instructions for the agent to execute a variety of network management and troubleshooting commands using the
cisco-iseCLI tool. - [DATA_EXFILTRATION]: The skill facilitates access to sensitive infrastructure data, including MAC addresses, usernames, and RADIUS shared secrets, as part of its documented troubleshooting and configuration functions.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection. 1. Ingestion points: Data entering the agent context includes RADIUS troubleshooting logs and guest user lists. 2. Boundary markers: No explicit prompt delimiters or instructions to ignore embedded commands are provided in the documentation. 3. Capability inventory: The agent has write access capabilities including 'endpoint add' and 'session disconnect'. 4. Sanitization: The instructions do not specify sanitization or validation of data retrieved from ISE before it is provided to the agent.
Audit Metadata