skills/mukul975/anthropic-cybersecurity-skills/detecting-attacks-on-historian-servers/Gen Agent Trust Hub
detecting-attacks-on-historian-servers
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The agent script in
scripts/agent.pyperforms network operations by scanning for open ports using the Pythonsocketlibrary to identify historian services (e.g., ports 5450, 8088). - [EXTERNAL_DOWNLOADS]: The skill relies on the standard
requestslibrary for all network-based API interactions. The scripts contain logic to notify the user if this dependency is missing. - [DATA_EXPOSURE_AND_EXFILTRATION]: The
scripts/agent.pyfile allows users to disable TLS certificate verification by setting an environment variableSKIP_TLS_VERIFY. While a common feature for testing in OT environments with self-signed certificates, it could lead to data exposure if used in production settings. - [METADATA_POISONING]: There is a minor inconsistency between the author name 'mahipal' listed in the
SKILL.mdfrontmatter and the name 'mukul975' mentioned in theLICENSEfile. - [INDIRECT_PROMPT_INJECTION]: The skill provides an attack surface for indirect prompt injection because it ingests and processes untrusted time-series data and log files from external historians.
- Ingestion points: Data is retrieved via
requests.getfrom historian APIs inSKILL.md(lines 78, 92, 126) andscripts/agent.py(lines 52, 74, 98, 103). - Boundary markers: No delimiters or boundary instructions are used to separate retrieved data from agent instructions.
- Capability inventory: The skill has network access via the
requestslibrary and file-writing capabilities inscripts/agent.py(line 173). - Sanitization: There is no evidence of sanitization or validation of the retrieved historian data before it is processed or analyzed.
- Ingestion points: Data is retrieved via
Audit Metadata