backend-api-cicd
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is authored by Hillstone-Networks and exclusively references vendor-controlled domains for its Git repository (git.tac.hillstonenet.com) and Docker registry (registry.dic.hillstonenet.com), which are trusted infrastructure components.
- [COMMAND_EXECUTION]: The provided deployment scripts (dev_deploy.sh.example, prod_deploy.sh.example) use standard administrative tools such as kubectl, docker, and envsubst. These commands are necessary for the skill's primary function of automating software deployment and are executed within the user's controlled CI/CD environment.
- [EXTERNAL_DOWNLOADS]: Dockerfiles and CI configurations pull base images from the organization's private registry (docker.dic.hillstonenet.com/library/python:3.12-slim). These downloads are restricted to trusted vendor sources and are documented neutrally.
- [PROMPT_INJECTION]: An indirect prompt injection surface was identified where GitLab CI variables (e.g., CI_PROJECT_NAME) and file contents (.env.example) are interpolated into Kubernetes manifests via envsubst.
  - Ingestion points: GitLab CI environment variables and local configuration files.
  - Boundary markers: Absent in the provided templates.
  - Capability inventory: kubectl apply, docker push, and docker build operations.
  - Sanitization: No explicit sanitization of the interpolated variables is present. This behavior is typical for CI/CD templating and does not escalate the security verdict given the intended use case.
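The envsubst interpolation noted under Sanitization can be guarded in the deploy script itself, since the values come from the CI job environment rather than from the template author. The following is an added example and is not code from the backend-api-cicd skill or its dev_deploy.sh.example / prod_deploy.sh.example scripts. It assumes the pattern those scripts use (a manifest template rendered with envsubst and piped to kubectl apply); the variable name IMAGE_TAG, the template contents and the hostile value are constructed for illustration. Each substituted variable is checked against the shape Kubernetes will accept before rendering, and envsubst is given an explicit variable list so that nothing else in the environment is expanded:

```shell
#!/bin/sh
# Added example, not part of the backend-api-cicd skill or its deploy scripts.
# Assumed pattern: deploy.yaml.tpl is rendered with envsubst from GitLab CI
# variables (CI_PROJECT_NAME; IMAGE_TAG is an assumed name) and piped to kubectl apply.
LC_ALL=C
export LC_ALL

# Accept only a DNS-1123 label, which Kubernetes requires for most object names:
# 1-63 chars of [a-z0-9-], starting and ending with an alphanumeric. Anything
# else (newline, ':', space, '#') can turn one YAML scalar into extra keys.
k8s_label_ok() {
  v=$1
  [ ${#v} -ge 1 ] && [ ${#v} -le 63 ] || return 1
  case $v in
    *[!a-z0-9-]*) return 1 ;;   # a character outside the allowed set
    -*|*-) return 1 ;;          # leading or trailing '-'
  esac
  return 0
}

# Accept only a syntactically valid image tag: [A-Za-z0-9_][A-Za-z0-9_.-]{0,127}.
image_tag_ok() {
  v=$1
  [ ${#v} -ge 1 ] && [ ${#v} -le 128 ] || return 1
  case $v in
    *[!A-Za-z0-9_.-]*) return 1 ;;
    [.-]*) return 1 ;;
  esac
  return 0
}

# Validate every variable the template uses, then let envsubst expand only those
# (the explicit SHELL-FORMAT argument stops it touching any other ${...} in the file).
# Returns 2 with nothing on stdout if a value is rejected, so a caller such as
# `render_manifest deploy.yaml.tpl | kubectl apply -f -` applies nothing.
render_manifest() {
  tpl=$1
  k8s_label_ok "${CI_PROJECT_NAME:-}" || { echo "refusing: CI_PROJECT_NAME is not a DNS-1123 label" >&2; return 2; }
  image_tag_ok "${IMAGE_TAG:-}" || { echo "refusing: IMAGE_TAG is not a valid image tag" >&2; return 2; }
  envsubst '${CI_PROJECT_NAME} ${IMAGE_TAG}' < "$tpl"
}

# Constructed template standing in for the skill's manifest.
TPL=$(mktemp)
cat > "$TPL" <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${CI_PROJECT_NAME}
spec:
  template:
    spec:
      containers:
        - name: ${CI_PROJECT_NAME}
          image: registry.example.invalid/${CI_PROJECT_NAME}:${IMAGE_TAG}
EOF

if command -v envsubst >/dev/null 2>&1; then
  # An ordinary value: renders as the template intends.
  CI_PROJECT_NAME=backend-api; IMAGE_TAG=1.4.2; export CI_PROJECT_NAME IMAGE_TAG
  render_manifest "$TPL"
  # A constructed hostile value: a newline followed by a sibling key. Unguarded
  # envsubst would copy it verbatim into the manifest, so what kubectl receives
  # would be decided by the CI variable rather than by the template.
  CI_PROJECT_NAME="$(printf 'backend-api\n      hostNetwork: true')"; export CI_PROJECT_NAME
  render_manifest "$TPL" || echo "rejected (exit $?)" >&2
fi
rm -f "$TPL"
```

A rejected value exits with status 2 and produces no output, so the kubectl side of the pipe gets nothing; in bash, add `set -o pipefail` (or check the exit status separately) if the CI job should fail rather than silently skip the apply. The same check also catches the more mundane case of a project name that is not a valid Kubernetes name, which kubectl would otherwise reject later with a less useful error.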
Audit Metadata