Skills
skills/automateyournetwork/netclaw/gtrace-path-analysis/Gen Agent Trust Hub

gtrace-path-analysis

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes the gtrace binary and python3 via an MCP wrapper to perform network diagnostics. This is consistent with the skill's primary purpose of network troubleshooting.
  • [EXTERNAL_DOWNLOADS]: The globalping tool interacts with the external GlobalPing API to perform distributed network probes. GlobalPing is a well-known service for network testing and is used here for its intended purpose.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it processes untrusted data from network nodes (such as reverse DNS hostnames and hop information).
  • Ingestion points: Hop hostnames, IP addresses, and metadata returned by the traceroute, mtr, and globalping commands in SKILL.md.
  • Boundary markers: None identified in the provided documentation to delimit untrusted network output from instructions.
  • Capability inventory: Executes system commands via python3 $MCP_CALL (subprocess-like behavior).
  • Sanitization: No explicit sanitization or validation of the network-returned data is mentioned before it is processed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 18, 2026, 06:12 AM