sysdig-onboarding

Fail

Audited by Gen Agent Trust Hub on May 12, 2026

Risk Level: HIGH (REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The script scripts/validate_prereqs.sh installs the Azure CLI using a shell-piped download command (curl | bash) targeting Microsoft's official infrastructure. This is a common pattern for installing required cloud dependencies from a well-known service.
  • [EXTERNAL_DOWNLOADS]: The skill downloads providers and modules from established registries (GitHub, HashiCorp, Sysdig) and fetches the Azure CLI installer from Microsoft. These operations target well-known technology providers and are consistent with the skill's primary purpose of infrastructure onboarding.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting data from locally persisted session files to pre-fill the discovery interview context.
      • Ingestion points: environment.yaml and customer-log.md are read at the start of each session in SKILL.md.
      • Boundary markers: No explicit delimiters or boundary instructions are used when interpolating this historical data into the current session context.
      • Capability inventory: The skill possesses high-privilege capabilities including terraform apply, helm install, and kubectl apply across multiple scripts.
      • Sanitization: No sanitization or validation logic is present for the data read from session history before it is used to influence the agent's wizard flow.
Recommendations
  • HIGH: Downloads and executes remote code from: https://aka.ms/InstallAzureCLIDeb - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: May 12, 2026, 10:54 PM