senior-devops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [Indirect Prompt Injection] (HIGH): Significant vulnerability to indirect prompt injection via ingested project data.
  - Ingestion points: The pipeline_generator.py and terraform_scaffolder.py scripts ingest data from user-provided project and target paths.
  - Boundary markers: The skill fails to define delimiters or include 'ignore embedded instructions' warnings for external content.
  - Capability inventory: The skill description confirms high-privilege capabilities including 'infrastructure automation' and 'deployment automation' across AWS, GCP, and Azure.
  - Sanitization: No evidence of schema validation, input escaping, or sanitization of the processed configuration files exists.
- [Unverifiable Dependencies & Remote Code Execution] (MEDIUM): The workflow relies on unverifiable external packages.
  - Evidence: The setup guide instructs users to run npm install and pip install -r requirements.txt without providing the manifest files or pinning versions, posing a supply chain risk.
- [Command Execution] (MEDIUM): The skill executes multiple local scripts that perform system-level tasks.
  - Evidence: Execution of pipeline_generator.py, terraform_scaffolder.py, and deployment_manager.py via python3 to automate DevOps workflows.
Recommendations
- AI detected serious security threats