disaster-recovery-planner

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill parses external IaC files (Terraform/CloudFormation) provided in the user-controlled 'dir' argument, which could contain malicious instructions hidden in comments.
      • Ingestion points: Infrastructure configuration files within the project directory.
      • Boundary markers: No delimiters or isolation protocols are described in the documentation.
      • Capability inventory: Reads project files and generates/writes runbooks to the filesystem via the 'out' argument.
      • Sanitization: No validation or escaping of input file content is mentioned.
  • [Data Exposure] (LOW): The skill claims to handle 'Confidential' and 'Personal' secrets. While it claims to protect these, prioritizing and processing raw credentials within an LLM context increases the risk of data leakage through accidental output in generated runbooks.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 06:45 PM