pagerduty-api

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • Remote Code Execution / Command Execution (MEDIUM): The PagerDuty API enables the management of "Automation Actions" (described in references/resources/Automation-Actions.md). Specifically, the AutomationActionsScriptActionDataReference schema (references/schemas/Automation/AutomationActionsScriptActionDataReference.md) defines a script field where "the Runner will write the content... into a temp file, make the file executable and execute it." This represents a documented path for the agent to perform high-risk command execution on remote infrastructure. While this is a core API feature, it is a significant risk in an agentic context.
  • Data Exposure & Exfiltration (MEDIUM): The skill documents operations for managing sensitive entities like OAuth clients (references/operations/createOauthClient.md) which involve handling client_secret values and configuring token_url endpoints. Furthermore, the ability to create webhook subscriptions (references/resources/Webhooks.md) allows data to be sent to arbitrary external URLs, providing a mechanism for exfiltration.
  • Indirect Prompt Injection (LOW): This skill presents a substantial attack surface for indirect injection attacks due to its combined capabilities and ingestion points.
      • Ingestion points: The agent retrieves data from various untrusted sources including incident notes (references/schemas/Incident/IncidentNote.md), alert summaries, and status updates.
      • Boundary markers: None identified in the documentation to separate system instructions from external content.
      • Capability inventory: The agent can execute scripts via Automation Actions, exfiltrate data via Webhooks, and manage sensitive account configurations (users, teams, OAuth clients).
      • Sanitization: No specific sanitization or validation logic is described for the content ingested from PagerDuty incidents.
  • Automated Scan Findings (INFO): An automated scan flagged Teams.md for a phishing URL. Manual inspection of the documentation confirms that all links point to legitimate PagerDuty API endpoints, internal documentation, or trusted sources like Wikipedia. This finding is assessed as a false positive based on common URL patterns.
Recommendations
  • Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata
  • Risk Level: CRITICAL
  • Analyzed: Feb 17, 2026, 06:29 PM