web-deploy-github

Pass

Audited by Gen Agent Trust Hub on Mar 1, 2026

Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it processes natural language user requests to generate code and perform deployment operations.
    • Ingestion points: User-provided site descriptions and project names utilized during project initialization and content generation.
    • Boundary markers: Absent; the skill does not employ delimiters or specific instructions to isolate user-provided content from the agent's internal logic.
    • Capability inventory: The skill can modify the local file system, execute shell scripts, and interact with the GitHub API via the authenticated CLI.
    • Sanitization: Absent; user input is used in code generation and as script arguments without validation or escaping.
  • [COMMAND_EXECUTION]: The skill executes local shell scripts to initialize project structures and manage git operations. These scripts use quoted variables to mitigate common command injection risks but rely on the integrity of the arguments provided by the agent.
  • [EXTERNAL_DOWNLOADS]: The skill configures GitHub Actions workflows using official and versioned components from the GitHub Actions organization (e.g., actions/checkout@v4). These are well-known, trusted resources.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 1, 2026, 08:35 AM