eve-deploy-debugging

Pass

Audited by Gen Agent Trust Hub on Mar 18, 2026

Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: Utilizes the eve CLI to manage environment lifecycles, application deployments, and system-level diagnostics (e.g., eve env deploy, eve job diagnose).
  • [PROMPT_INJECTION]: The skill exhibits a vulnerability to indirect prompt injection (Category 8) because it ingests and displays untrusted data from external sources.
      • Ingestion points: Untrusted data enters the agent context via eve job runner-logs, eve job diagnose, eve build logs, and eve thread messages.
      • Boundary markers: There are no defined delimiters or instructions to ignore potentially malicious commands embedded within the logs or diagnostic messages.
      • Capability inventory: The skill allows for significant platform changes, including creating new environments (eve env create) and deploying code (eve env deploy).
      • Sanitization: No sanitization, filtering, or validation is performed on the output of diagnostic commands before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 18, 2026, 11:59 AM