The Agent Skills Directory

[COMMAND_EXECUTION]: The skill builds shell commands by interpolating variables and script paths into strings (e.g., in Phase 1 and Phase 6). This pattern is vulnerable to command injection if the arguments, tool names, or JSON payloads are influenced by unsanitized untrusted data.
[CREDENTIALS_UNSAFE]: Sensitive authentication credentials, including $ISE_USERNAME and $ISE_PASSWORD, are passed directly within a command string as environment variables. This practice exposes the secrets in plain text to the system's process table, making them accessible to other users or monitoring tools on the host.
[PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests data from external sources (ISE endpoint details, usernames, and profiles) and incorporates it into reports and ServiceNow tickets without explicit boundary markers or sanitization. Malicious content within these fields could influence the agent's summary or the content of automated incident records.
Ingestion points: ISE endpoint lookups, session checks, and profile data (SKILL.md).
Boundary markers: None identified in the prompt templates.
Capability inventory: Endpoint group modification (quarantine), ServiceNow incident creation, and GAIT record logging.
Sanitization: No evidence of input escaping or validation before interpolation into command strings or ticket descriptions.

ise-incident-response