render-deploy

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill uses an installation method that pipes a remote script from GitHub directly into the shell. Evidence: Automated scan detected 'curl -fsSL https://raw.githubusercontent.com/render-oss/cli/main/bin/install.sh | sh'. Risk: The 'render-oss' organization is not in the trusted whitelist; a compromise of this repository could lead to arbitrary code execution in the user's environment.
  • [COMMAND_EXECUTION] (MEDIUM): The skill facilitates the execution of arbitrary build and start commands across multiple runtimes. Evidence: 'references/deployment-details.md' and template files specify commands like 'apt-get install -y', 'npm ci', and 'pip install -r requirements.txt'. Context: While central to the skill's purpose, these commands represent a significant capability tier that requires monitoring.
  • [PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection through project manifest files (Category 8). Ingestion points: 'references/codebase-analysis.md' instructs the agent to read 'package.json', 'requirements.txt', and other repo files. Boundary markers: Absent. Capability inventory: MCP tools to create web services and update environment variables ('create_web_service', 'update_environment_variables'). Sanitization: Absent.
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill references an MCP server and CLI installation tools from non-whitelisted domains. Evidence: 'https://mcp.render.com/mcp' and 'raw.githubusercontent.com/render-oss/'. Risk: Downloads from non-trusted sources increase the supply chain attack surface.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/render-oss/cli/main/bin/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 17, 2026, 06:33 PM