netbox-validation
Pass
Audited by Gen Agent Trust Hub on Jun 23, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill extensively uses shell commands to interact with the NetBox API. This includes using
curlfor REST operations (GET, POST, PATCH, DELETE) andpython(via-m json.toolor-cscripts) for parsing and extracting data from JSON responses. These operations are directed at the infrastructure defined by the user's$NETBOX_URLenvironment variable. - [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface in its workflow for automated remediation.
- Ingestion points: Validation findings and results are ingested from the NetBox API (e.g.,
/api/plugins/validation/findings/), as documented inSKILL.mdandreferences/api-patterns.md. - Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the documentation for handling findings.
- Capability inventory: The skill grants the agent the ability to execute network requests via
curlto modify NetBox data and perform validation runs across all referenced files. - Sanitization: There is no evidence of sanitization or filtering applied to the validation findings before they are analyzed by the agent.
Audit Metadata