infrahub-sot
Pass
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill documentation references an external repository at github.com/opsmill/infrahub-mcp for the MCP server implementation.
- [PROMPT_INJECTION]: The skill possesses an indirect prompt injection surface due to its interaction with untrusted infrastructure data.
  - Ingestion points: Data is ingested from Infrahub through get_nodes, get_related_nodes, and query_graphql.
  - Boundary markers: There are no explicit markers or instructions provided to the agent to treat retrieved infrastructure data as untrusted or to ignore embedded instructions.
  - Capability inventory: The skill allows for state-changing operations including GraphQL mutations via query_graphql and the creation of infrastructure branches via branch_create.
  - Sanitization: No data sanitization or schema validation processes are specified for content retrieved from the Infrahub instance.
Audit Metadata