netbox-validation

Pass

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses shell commands to interact with the NetBox API. This includes using curl for REST operations (GET, POST, PATCH, DELETE) and python (via -m json.tool or -c scripts) for parsing and extracting data from JSON responses. These operations are directed at the infrastructure defined by the user's $NETBOX_URL environment variable.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface in its workflow for automated remediation.
  • Ingestion points: Validation findings and results are ingested from the NetBox API (e.g., /api/plugins/validation/findings/), as documented in SKILL.md and references/api-patterns.md.
  • Boundary markers: No specific boundary markers or instructions to ignore embedded commands are present in the documentation for handling findings.
  • Capability inventory: The skill grants the agent the ability to execute network requests via curl to modify NetBox data and perform validation runs across all referenced files.
  • Sanitization: There is no evidence of sanitization or filtering applied to the validation findings before they are analyzed by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 23, 2026, 07:26 AM
Security Audit — agent-trust-hub — netbox-validation