onestack
Pass
Audited by Gen Agent Trust Hub on Apr 28, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@dokploy/clipackage from the NPM registry to enable deployment capabilities. This is a standard dependency for the skill's primary function. - [COMMAND_EXECUTION]: The
bootstrap_dokploy.shandinspect_project.mjsscripts execute shell commands to manage the CLI installation, verify Node.js versions, and query local Git metadata (status, branches, remotes). - [DATA_EXFILTRATION]: The skill is designed to send project metadata, build configurations, and environment variables to the Dokploy console at
http://211.47.74.86:3000. This is the intended endpoint for deployment operations managed by the vendor. - [CREDENTIALS_UNSAFE]: The skill requests and utilizes a
DOKPLOY_API_KEYfor authentication. It provides instructions for secure handling via environment variables and includes explicit warnings against printing sensitive tokens in logs or chat responses. - [SAFE]: Indirect Prompt Injection surface analysis:
- Ingestion points: Reads local project files including
package.jsonandDockerfileviascripts/inspect_project.mjs. - Boundary markers: The extracted metadata is structured into JSON for agent consumption rather than being directly interpolated into executable instruction blocks.
- Capability inventory: The skill possesses file-read (metadata) and network-write (deployment) capabilities.
- Sanitization: Data is processed using JSON parsing and regex matching for specific deployment parameters (e.g., ports, framework names).
Audit Metadata