yqcloud-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes several shell commands including `curl`, `git`, `grep`, and `cat` to perform deployment tasks. These commands are used to query API versions, clone repositories, and modify configuration files as part of the intended GitOps workflow.
- [EXTERNAL_DOWNLOADS]: The skill fetches data and clones repositories from `code.choerodon.com.cn` and `chart.choerodon.com.cn`. These are recognized as official infrastructure for the YQCloud service being managed.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests and processes JSON data from the ChartMuseum API and YAML configuration files from Git repositories.
  - Ingestion points: Data enters the context via `curl` output saved to `~/tmp/` and `git clone` operations on deployment repositories.
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: Includes filesystem access (`mkdir`, `cd`, `tee`), network access (`curl`), and Git operations (`git push`, `git commit`).
  - Sanitization: No explicit sanitization or validation of the fetched JSON or YAML content is performed before processing.
- [CREDENTIALS_UNSAFE]: The documentation suggests the possibility of passing credentials via the `-u username:password` flag in `curl` commands. While no hardcoded credentials are provided, this practice can lead to the exposure of secrets in environment logs or command history.