kamal
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides numerous instructions for executing the `kamal` CLI tool to manage remote infrastructure. This includes executing commands inside application containers (`kamal app exec`), on host servers (`kamal server exec`), and within accessory containers (`kamal accessory exec`), which are primary features of the deployment tool.
- [EXTERNAL_DOWNLOADS]: The documentation includes instructions to install the `kamal` package via the RubyGems registry using the command `gem install kamal`.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists because the skill involves the agent reading and potentially acting upon application and accessory logs.
  - Ingestion points: Application logs (`kamal app logs`) and accessory logs (`kamal accessory logs`) as detailed in `references/commands.md`.
  - Boundary markers: None provided; log output is typically processed as raw text.
  - Capability inventory: The skill provides full access to remote command execution capabilities via the `kamal` CLI (`app exec`, `server exec`, `accessory exec`).
  - Sanitization: No log sanitization or input validation mechanisms are described for log processing.
Audit Metadata