skills/mukul975/anthropic-cybersecurity-skills/deploying-palo-alto-prisma-access-zero-trust/Gen Agent Trust Hub
deploying-palo-alto-prisma-access-zero-trust
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches infrastructure templates from Amazon S3 (
prisma-access-connector-templates.s3.amazonaws.com). This uses a well-known cloud storage service to retrieve official configuration files for deployment. - [COMMAND_EXECUTION]: Provides instructions for executing cloud infrastructure commands via the AWS CLI (
aws cloudformation create-stack) and performing local file operations to generate configuration XML files. - [DATA_EXFILTRATION]: The audit script
scripts/agent.pyperforms network requests to Palo Alto Networks' official API domains (api.sase.paloaltonetworks.comandauth.apps.paloaltonetworks.com) to manage authentication tokens and retrieve security configuration data. - [PROMPT_INJECTION]: Indirect prompt injection surface identified:
- Ingestion points: The script
scripts/agent.pyretrieves security rule names, descriptions, and HIP profile data from external API endpoints. - Boundary markers: Absent; external data from the API is processed and printed directly to the console output.
- Capability inventory: The script possesses capabilities for network communication (via
requests) and local file system writes (viajson.dump). - Sanitization: No sanitization or validation is performed on the data retrieved from the external API before processing.
Audit Metadata