deepspace

Pass

Audited by Gen Agent Trust Hub on May 1, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill utilizes the deepspace and create-deepspace packages from the author's ecosystem for project scaffolding and management.
  • [COMMAND_EXECUTION]: Project operations rely on a dedicated CLI for authentication, local development, and deployment (e.g., npx deepspace login, npx deepspace deploy).
  • [DATA_EXFILTRATION]: For identity management and testing, the skill accesses sensitive local file paths: ~/.deepspace/session (auth tokens), ~/.deepspace/test-accounts.json (test credentials), and environment variables in .dev.vars or .env (project secrets).
  • [PROMPT_INJECTION]: A surface for indirect prompt injection exists (Category 8) due to the skill's architectural pattern:
      • Ingestion points: Untrusted data is retrieved from external sources like Wikipedia, GitHub, and search engines via proxied integration endpoints.
      • Boundary markers: The instructions do not define mandatory delimiters or isolation protocols for external data when it is interpolated into AI prompts.
      • Capability inventory: Privileged operations such as server actions and database mutations are available to scripts that may process this external data.
      • Sanitization: Guidelines for filtering or escaping external content before processing are absent in the provided documentation.
Audit Metadata
Risk Level: SAFE
Analyzed: May 1, 2026, 09:47 PM