deployment-engineer
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection Surface (Category 8).
  - Ingestion points: The scripts/generate_deploy.py and scripts/validate_deploy.py scripts ingest untrusted strings via CLI arguments (--name, --env, --owner, --input).
  - Boundary markers: Absent; inputs are directly interpolated into markdown templates or used as file paths without delimiters or 'ignore' instructions.
  - Capability inventory: The skill is configured with Read, Write, Edit, and Bash tools, which can be leveraged by the scripts to modify the filesystem.
  - Sanitization: No input validation or path sanitization is performed, creating a surface for markdown injection or potential path traversal if the agent processes malicious user-supplied data.
- [CREDENTIALS_UNSAFE] (SAFE): Documentation Placeholders.
  - Evidence: API_KEY=sk-... and DATABASE_URL=postgresql://... are present in SKILL.md.
  - Context: These use the ellipsis (...) notation and are located within markdown code blocks demonstrating environment configuration, qualifying them as benign placeholders rather than hardcoded secrets.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata