Skills
skills/dmitryprg-ai/cursor-develop-autorules/deploy-app/Gen Agent Trust Hub

deploy-app

Warn

Audited by Gen Agent Trust Hub on Mar 10, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The deployment scripts (deploy-all.sh, deploy-backend.sh, and deploy-frontend.sh) use the eval shell command to execute build and service restart instructions fetched from project.config.json. This pattern allows for arbitrary shell command execution based on the contents of the configuration file.
  • [CREDENTIALS_UNSAFE]: The skill manages Basic Authentication credentials stored in a secrets directory (.cursor/.secrets/). These credentials are interpolated into curl commands, which could lead to exposure if the environment or the target site URL is compromised.
  • [COMMAND_EXECUTION]: The deploy-all.sh script executes sudo systemctl status, indicating that the skill expects or requires elevated privileges to monitor system services.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 10, 2026, 03:04 AM