deploy-verify
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands via Bash to perform curl operations. Since the target URL can be sourced from untrusted inputs like ship-report.md or direct user input and is interpolated directly into the command string, it presents a potential command injection risk.
- [EXTERNAL_DOWNLOADS]: The skill uses curl to make network requests to external URLs to verify their health and response times. These network operations are part of the core functionality but involve reaching out to external domains.
- [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection due to its data processing workflow.
  1. Ingestion points: The skill reads metadata and change logs from .agents/ship-report.md and analyzes response content from production URLs.
  2. Boundary markers: The instructions do not define delimiters or specific markers to help the agent distinguish between its own logic and potentially malicious instructions embedded in external data.
  3. Capability inventory: The skill utilizes Bash and curl as defined in the SKILL.md configuration.
  4. Sanitization: No validation or sanitization steps are documented for the data extracted from reports or for the URLs used in network checks.
Audit Metadata