senior-devops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to analyze and process untrusted external content (application code, Terraform files, CI/CD configs) while possessing high-privilege execution capabilities.
- Ingestion points:
project-pathandtarget-pathparameters in scripts, plus general analysis of the working directory. - Boundary markers: None identified in the provided documentation or script usage instructions.
- Capability inventory: Capability to run
kubectl apply,docker build,npm install, and arbitrary local Python scripts that interact with cloud providers (AWS, GCP, Azure). - Sanitization: No evidence of input sanitization or validation of the files being processed.
- Command Execution (MEDIUM): The skill relies on several local Python scripts (
scripts/pipeline_generator.py,scripts/terraform_scaffolder.py,scripts/deployment_manager.py) to perform core functions. Without the source code for these scripts, their behavior regarding system access and credential handling remains unverified. - Unverifiable Dependencies (MEDIUM): The development workflow encourages
npm installandpip install -r requirements.txt. These commands download and execute code from external registries. Without pinned versions or integrity hashes in the instructions, this presents a supply chain risk.
Recommendations
- AI detected serious security threats
Audit Metadata