cloud-management
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION
PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute high-privilege cloud management commands using the aws, az, and gcloud CLIs. It also executes bundled Python scripts (detect_repo_stack.py and cloud_change_guard.py) to automate repository analysis and risk assessment. These capabilities are the primary function of the skill and are mitigated by explicit instructions to seek user approval for sensitive tasks.
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests untrusted data from the local repository to determine deployment strategies.
  - Ingestion points: The scripts/detect_repo_stack.py script reads multiple files from the local repository, including package.json, pyproject.toml, requirements.txt, and .env.example, to infer the technology stack.
  - Boundary markers: The skill does not explicitly define delimiters for the data returned by the detection script, relying on the agent's internal logic to interpret the resulting JSON.
  - Capability inventory: The agent has extensive capabilities, including full access to cloud provider CLIs, infrastructure-as-code tools (Terraform, Pulumi, Bicep), and the ability to run local scripts.
  - Sanitization: The analysis scripts perform keyword and regex-based detection on file contents but do not execute or evaluate the content of the files they read. The 'Approval Model' and 'Guard Script' serve as the primary defensive layers against potentially malicious local configurations.
Audit Metadata