sysdig-investigate

Pass

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: SAFE [PROMPT_INJECTION] [EXTERNAL_DOWNLOADS]
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection by incorporating untrusted data from the monitored environment into generated tickets.
    • Ingestion points: Metadata such as Kubernetes labels, annotations, image references, and vulnerability findings are fetched from the Sysdig tenant via tools like list_candidate_remediation_jobs and SysQL queries.
    • Boundary markers: While image references are wrapped in formatting blocks for Jira, there are no comprehensive delimiters or instructions to ignore embedded commands for other metadata fields like workload labels or impact assessments.
    • Capability inventory: The agent can perform network requests through ticketing system tools (Jira, Linear, GitHub) and trigger remediation via the /sysdig-remediate skill.
    • Sanitization: No explicit sanitization or validation of the fetched metadata is performed before it is interpolated into the tracking ticket templates.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes external packages and servers to enable its integration capabilities.
    • Evidence: Its configuration specifies the use of @sysdig/secure-mcp-server, mcp-atlassian, and jsdom via the npx command.
    • Context: These packages are sourced from the vendor's own repository or from established technology services as part of standard tool setup.
Audit Metadata
Risk Level: SAFE
Analyzed: May 12, 2026, 10:54 PM