deploying-to-globe
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to high-privilege deployment capabilities combined with external data ingestion.\n
- Ingestion points: Processes
globe.yamlconfiguration files from the user's project directory.\n - Boundary markers: None identified; the provided documentation lacks delimiters or explicit instructions to ignore instructions embedded within the configuration data.\n
- Capability inventory: Capability to generate and suggest CLI deployment commands, configure environment variables, and manage cloud infrastructure components like KV stores and databases.\n
- Sanitization: The
validate-globe-yaml.shscript performs basic regex-based validation of specific fields (regions, cron IDs), but it does not prevent the AI from interpreting malicious prompts embedded in YAML string values or comments.\n- [COMMAND_EXECUTION] (LOW): The skill includes a shell script for local validation (validate-globe-yaml.sh). The script uses standard shell utilities (grep, sed, tr) and follows safe practices, such as proper variable quoting, to avoid command injection from the file content itself.
Recommendations
- AI detected serious security threats
Audit Metadata