infrahub-sot

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE
Finding category: PROMPT_INJECTION

Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its architecture of ingesting and processing untrusted data from an external infrastructure database.
  • Ingestion points: Data is entering the agent's context through tools like get_nodes, get_related_nodes, and query_graphql as described in SKILL.md.
  • Boundary markers: The skill lacks explicit boundary markers or instructions to the agent to ignore potential instructions embedded within the infrastructure data values.
  • Capability inventory: The skill possesses write capabilities through the query_graphql tool (allowing mutations) and branch_create, which could be used to alter infrastructure state if the agent is influenced by malicious data (SKILL.md).
  • Sanitization: There is no mention of sanitization, validation, or escaping of the content retrieved from Infrahub before it is presented to the language model.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 06:12 AM