ise-posture-audit

Pass

Audited by Gen Agent Trust Hub on May 10, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes multiple shell commands using python3 and node based on environment variables ($MCP_CALL, $ISE_MCP_SCRIPT, $MARKMAP_MCP_SCRIPT). These commands are used to interact with Cisco ISE APIs and generate visualization artifacts.
  • [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection because it retrieves and processes configuration data from an external source (Cisco ISE).
    • Ingestion points: Untrusted data enters the agent context through the output of tools like network_access_policy_set, network_access_authorization_rules, and endpoints (referenced in SKILL.md).
    • Boundary markers: The instructions do not define delimiters or provide specific warnings to the agent to ignore instructions embedded within the audited network data.
    • Capability inventory: The skill has access to shell execution (python3, node) and credential-handling environment variables, which could be leveraged if an injection is successful.
    • Sanitization: There is no evidence of sanitization, escaping, or schema validation for the data retrieved from the ISE environment before the agent evaluates it.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 10, 2026, 07:05 PM