outpost
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the agent to clone the repository https://github.com/hookdeck/outpost.git. The organization 'hookdeck' is not listed as a trusted source, so the download cannot be verified against a known-good source.
- REMOTE_CODE_EXECUTION (HIGH): The skill prompts the execution of `docker-compose up` using files from the untrusted repository. Because a Compose file chooses which images are pulled, which Dockerfiles are built and which host privileges, networks and paths the containers receive, this pattern allows arbitrary code execution or the deployment of malicious containers on the system.
- COMMAND_EXECUTION (LOW): The skill makes extensive use of `curl` commands for setup and API interaction. While functional, this requires command-line access and outbound network operations.
- PROMPT_INJECTION (LOW): The skill is susceptible to indirect prompt injection through external event data.
- Ingestion points: Event data payload in the publish API examples within SKILL.md.
- Boundary markers: None identified.
- Capability inventory: Subprocess calls via `curl` for network operations across all functional examples.
- Sanitization: None identified.
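The REMOTE_CODE_EXECUTION finding turns on what a Compose file from an untrusted repository is allowed to do once `docker-compose up` runs it. The pre-flight check below is an added example written for this page; it is not code from the outpost project, from Hookdeck or from the Trust Hub. It walks an already-parsed Compose definition (assumed to come from `yaml.safe_load` on the cloned `docker-compose.yml`; PyYAML itself is not used here) and flags the settings that hand a container host-level control or pull unpinned code. The `SAMPLE_COMPOSE` definition is constructed for illustration only and does not describe the actual outpost repository.

```python
"""Pre-flight review of a Compose definition before running `docker-compose up`.

Added example for this audit page, not code from the outpost project or the
Trust Hub. The Compose file is passed in as an already-parsed dict (assumed to
come from PyYAML's yaml.safe_load), so the check itself is standard library only.
"""
from __future__ import annotations

from dataclasses import dataclass

# Capabilities that are close to root on the host once granted.
DANGEROUS_CAPS = {"ALL", "SYS_ADMIN", "SYS_PTRACE", "SYS_MODULE", "NET_ADMIN"}
# Mounting any of these sockets is equivalent to root on the host.
HOST_SOCKETS = ("/var/run/docker.sock", "/run/docker.sock", "/run/containerd/containerd.sock")
# Host directories that should never be bind-mounted from an unreviewed repo.
SENSITIVE_HOST_PATHS = ("/", "/etc", "/root", "/home", "/proc", "/sys", "/var/run", "/run")


@dataclass(frozen=True)
class Finding:
    service: str
    severity: str  # "HIGH" or "MEDIUM"
    message: str


def _bind_source(volume) -> str | None:
    """Return the host path if the volume entry is a bind mount, else None."""
    if isinstance(volume, str):
        # Short syntax "host:container[:opts]"; a named volume has no path prefix.
        parts = volume.split(":")
        if len(parts) >= 2 and parts[0].startswith(("/", "./", "../", "~")):
            return parts[0]
        return None
    if isinstance(volume, dict) and volume.get("type") == "bind":
        return volume.get("source")
    return None


def _path_is_sensitive(host_path: str) -> bool:
    """True when host_path is, or lies under, one of SENSITIVE_HOST_PATHS."""
    norm = host_path.rstrip("/") or "/"
    if norm == "/":
        return True
    return any(norm == p or norm.startswith(p + "/") for p in SENSITIVE_HOST_PATHS if p != "/")


def review_compose(compose: dict) -> list[Finding]:
    """Collect every host-affecting or unpinned setting, per service."""
    findings: list[Finding] = []
    for name, svc in (compose.get("services") or {}).items():
        svc = svc or {}

        def flag(severity: str, message: str, _name=name) -> None:
            findings.append(Finding(_name, severity, message))

        if svc.get("privileged") is True:
            flag("HIGH", "privileged: true disables most container isolation")
        if svc.get("network_mode") == "host":
            flag("HIGH", "network_mode: host shares the host network namespace")
        if svc.get("pid") == "host":
            flag("HIGH", "pid: host exposes host processes to the container")
        caps = {str(c).upper() for c in svc.get("cap_add") or []}
        caps = {c[4:] if c.startswith("CAP_") else c for c in caps}
        bad = sorted(caps & DANGEROUS_CAPS)
        if bad:
            flag("HIGH", f"cap_add grants {', '.join(bad)}")
        for opt in svc.get("security_opt") or []:
            if str(opt).endswith(("=unconfined", ":unconfined")):
                flag("HIGH", f"security_opt {opt} removes a sandbox profile")
        if svc.get("devices"):
            flag("MEDIUM", "devices: passes host devices into the container")
        for vol in svc.get("volumes") or []:
            src = _bind_source(vol)
            if src is None:
                continue  # named volume, not a host path
            if src.rstrip("/") in HOST_SOCKETS:
                flag("HIGH", f"bind mount of {src} gives root-equivalent control of the host")
            elif _path_is_sensitive(src):
                flag("HIGH", f"bind mount of sensitive host path {src}")
            else:
                flag("MEDIUM", f"bind mount of host path {src}")
        if "build" in svc:
            flag("MEDIUM", "build: runs an arbitrary Dockerfile from the repository")
        image = svc.get("image")
        if image and "@sha256:" not in image:
            flag("MEDIUM", f"image {image} is not pinned by digest")
    return findings


def verdict(findings: list[Finding]) -> str:
    """BLOCK on any HIGH finding, REVIEW on MEDIUM only, OK when clean."""
    severities = {f.severity for f in findings}
    return "BLOCK" if "HIGH" in severities else "REVIEW" if "MEDIUM" in severities else "OK"


# Constructed sample for illustration; NOT the outpost repository's Compose file.
SAMPLE_COMPOSE = {
    "services": {
        "api": {"image": "example/api:latest", "build": {"context": "."}, "ports": ["3333:3333"]},
        "agent": {
            "image": "example/agent@sha256:" + "0" * 64,
            "privileged": True,
            "cap_add": ["SYS_ADMIN"],
            "volumes": [
                "/var/run/docker.sock:/var/run/docker.sock",
                {"type": "bind", "source": "/etc", "target": "/host-etc", "read_only": True},
                "./config:/app/config",
                "pgdata:/var/lib/postgresql/data",
            ],
        },
        "db": {"image": "postgres:16", "volumes": ["pgdata:/var/lib/postgresql/data"]},
    },
    "volumes": {"pgdata": {}},
}

if __name__ == "__main__":
    results = review_compose(SAMPLE_COMPOSE)
    for f in results:
        print(f"[{f.severity}] {f.service}: {f.message}")
    print("verdict:", verdict(results))
```

An agent that must run `docker-compose up` from a repository outside its allowlist can run this review on the checked-out file first and refuse to proceed on BLOCK; a clean OK still only says the Compose file grants no host privileges, not that the images or Dockerfiles it references are trustworthy.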
Recommendations
- AI detected serious security threats
Audit Metadata