netbox-custom-scripts

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides a shell command for environment verification using curl. This command interacts with the NetBox API using the $NETBOX_TOKEN environment variable and formats the output with python -m json.tool.
  • [PROMPT_INJECTION]: The documentation identifies a surface for indirect prompt injection where custom scripts process untrusted data (e.g., through FileVar for file uploads) and perform database operations.
  • Ingestion points: Ingestion of untrusted data through FileVar in SKILL.md and references/script-variables.md (e.g., data['csv_file'].read()).
  • Boundary markers: No specific delimiters or boundary markers are suggested for processing external data.
  • Capability inventory: The skill documents full Django ORM access, enabling scripts to create, update, and delete objects within the NetBox database as seen in references/orm-patterns.md.
  • Sanitization: The skill mitigates risks by instructing developers to always call full_clean() before saving objects to ensure model-level validation.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:27 AM
Security Audit — agent-trust-hub — netbox-custom-scripts