devops-automator
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill identifies a surface for indirect prompt injection due to its core functionality of processing external configuration data using powerful system tools.\n
- Ingestion points: Reads and modifies user-provided files including GitHub Actions workflows, Dockerfiles, Kubernetes manifests, and Terraform scripts using the
Readtool.\n - Boundary markers: The instructions do not define delimiters or specific 'ignore' directives to prevent the agent from executing instructions that may be embedded within the files it is tasked to manage.\n
- Capability inventory: Granted high-privilege access to system tools including
kubectl,terraform,helm,docker, and theghCLI via theBashtool, alongsideWriteandEditfile operations.\n - Sanitization: No mechanism is provided to sanitize or validate that the content of the ingested files does not contain adversarial instructions intended to manipulate the agent's behavior.
Audit Metadata