cloud-deployment-expert
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): The skill employs 'curl | bash' to install Node.js from nodesource.com, executing remote scripts with root privileges without integrity checks.
- Privilege Escalation (HIGH): Instructions promote usage of 'ssh root' and 'sudo' for setup tasks, granting maximum system permissions.
- Indirect Prompt Injection (LOW): The skill processes external data by cloning a user-defined repository and running 'npm install'.
  1. Ingestion points: 'git clone YOUR_REPO' in SKILL.md.
  2. Boundary markers: Absent.
  3. Capability inventory: 'apt install', 'sudo', 'npm install', 'docker compose' in SKILL.md.
  4. Sanitization: Absent.
- Data Exposure & Exfiltration (LOW): Hardcoded placeholders for sensitive keys (DATABASE_URL, JWT_SECRET) are present in the example .env file configuration.
Recommendations
- AI detected serious security threats
Audit Metadata