devops-automation
Pass
Audited by Gen Agent Trust Hub on Mar 5, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from external triggers.
  - Ingestion points: Data enters the agent context through GitHub webhooks (e.g., commit messages, pull request titles) and monitoring alerts from systems like Prometheus or Datadog.
  - Boundary markers: Templates used for automated notifications (e.g., {commit_message}, {top_errors}) lack delimiters or instructions to ignore embedded commands.
  - Capability inventory: The skill has access to high-privilege MCP tools and CLI utilities including github_api, aws_cli, kubernetes_api, and jenkins_trigger.
  - Sanitization: There is no evidence of input validation or escaping for the external content before it is processed by the agent.
- [COMMAND_EXECUTION]: The skill facilitates the execution of high-impact infrastructure management commands.
  - Evidence: The workflow definitions explicitly include the use of AWS CLI, Kubernetes API, Terraform, and Ansible to manage production environments, deployments, and provisioning.