cisco-support-cli
Pass
Audited by Gen Agent Trust Hub on Mar 31, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches and installs the
cisco-supportCLI utility from the NPM registry as a global package during setup. - [COMMAND_EXECUTION]: The skill operates by executing shell commands using the
cisco-supportCLI to retrieve data from Cisco's infrastructure. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection through data retrieved from Cisco Support APIs.
- Ingestion points: Data enters the agent's context through bug descriptions, support case comments, and security advisories fetched via the
cisco-support bug,case, andpsirtcommands. - Boundary markers: The skill does not provide instructions to the agent to use delimiters or specific ignore-rules for the content of retrieved API data.
- Capability inventory: The agent has the capability to execute shell commands via the CLI, which could be targeted by instructions embedded in the API data.
- Sanitization: No sanitization or structural validation of the API-sourced content is performed before it is presented to the agent.
Audit Metadata