Skills
skills/fatih-developer/fth-skills/coolify-orchestrator/Gen Agent Trust Hub

coolify-orchestrator

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses shell commands including curl for API interactions, ssh for server access, and docker exec for container management. These are primary tools for the skill's stated infrastructure orchestration purpose.
  • [DATA_EXFILTRATION]: The skill references sensitive file paths such as .env and ~/.ssh/coolify_key for management and debugging. However, it implements security best practices by instructing the agent to mask these secrets in logs and output using sed or jq filters.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it ingests untrusted data from application logs and deployment status outputs. This is a low-risk concern inherent to monitoring and logging tasks.
  • Ingestion points: references/deploy-verify.md (deployment logs), references/container-exec.md (container logs)
  • Boundary markers: Absent in script templates
  • Capability inventory: Full API access to Coolify (CRUD projects, apps, envs), SSH access, Docker execution
  • Sanitization: Absent; logs are piped directly to output or tail
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 18, 2026, 01:39 PM