atmos-stacks
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFENO_CODEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
- [NO_CODE]: The skill consists entirely of Markdown documentation files for the Atmos configuration tool and does not include any executable scripts, binaries, or active configuration code.
- [COMMAND_EXECUTION]: The documentation describes the !exec YAML function used by the Atmos tool to run shell commands. This is an expected feature of the documented software.
- [EXTERNAL_DOWNLOADS]: The skill explains how Atmos can import configuration files from remote sources such as Git, S3, and HTTPS. These features facilitate configuration reuse.
- [DATA_EXFILTRATION]: The documentation covers features like !terraform.state and !store, which are intended to allow Atmos to read infrastructure state and secrets from authorized external backends.
- [PROMPT_INJECTION]: The skill describes an attack surface for indirect prompt injection as it details how the agent should process YAML manifests that can trigger powerful actions. Ingestion points: YAML stack configuration files and templates. Boundary markers: None mentioned in documentation. Capability inventory: Includes arbitrary shell command execution (!exec), remote file imports (HTTPS, Git, S3), and sensitive data retrieval (!terraform.state, !store). Sanitization: No sanitization or validation of external configuration values is described.
Audit Metadata