Skills
skills/automateyournetwork/netclaw/fwrule-analyzer/Gen Agent Trust Hub

fwrule-analyzer

Warn

Audited by Gen Agent Trust Hub on May 18, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill recommends installing a parser from an unverified personal GitHub repository ('akshaysiddaram/fwrule-mcp.git') to enable FortiOS support.
  • [REMOTE_CODE_EXECUTION]: The instruction to use 'pip install git+https://github.com/akshaysiddaram/fwrule-mcp.git' results in the download and execution of arbitrary code from a third-party personal account during the installation process.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through its processing of untrusted data.
  • Ingestion points: The 'parse_policy' and 'analyze_firewall_rule_overlap' tools ingest raw, vendor-native firewall configurations ('ruleset_payload') which are complex and attacker-controllable.
  • Boundary markers: There are no explicit boundary markers or instructions to the agent to ignore embedded commands within the firewall configuration payloads.
  • Capability inventory: The skill requires 'python3' and executes shell commands via 'uv run' to operate the MCP server, providing a platform for potential exploitation if a parser is compromised.
  • Sanitization: No sanitization, escaping, or validation logic is described for the configuration text before it is processed by the multi-vendor parsing engine.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 18, 2026, 02:49 PM
Security Audit — agent-trust-hub — fwrule-analyzer