The Agent Skills Directory

[CREDENTIALS_UNSAFE]: The skill instructs the agent to pass credentials ($CCC_USER, $CCC_PWD) as environment variables directly in shell command lines (e.g., CCC_PWD=$CCC_PWD python3 ...). This practice exposes sensitive secrets to any user or process on the host system capable of viewing the process table (e.g., using the ps or top commands).
[COMMAND_EXECUTION]: The skill implements workflows that execute shell commands via $MCP_CALL and run CLI commands on network hardware using tools like pyats_run_show_command. There is no evidence of input validation or sanitization for the command arguments, which could lead to command injection if untrusted or maliciously crafted network data is processed.
[DATA_EXFILTRATION]: Passing credentials via command-line environment variables increases the risk of sensitive data exposure through shell history files, system audit logs, and diagnostic output from monitoring tools.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of network controller data.
Ingestion points: Device metadata, hostnames, and interface statuses fetched in SKILL.md via fetch_devices and fetch_interfaces.
Boundary markers: None present to delimit untrusted network data from agent instructions.
Capability inventory: The skill has the ability to execute arbitrary CLI commands on network devices (pyats_run_show_command), perform network pings (pyats_ping_from_network_device), and access system logs (pyats_show_logging).
Sanitization: No sanitization or escaping of external content is specified before it is interpolated into subsequent diagnostic commands.

catc-troubleshoot