runpod-serverless
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill accepts user-defined inputs to create and modify serverless templates and endpoints on RunPod.
  1. Ingestion points: The '--name' and '--gpu' arguments in scripts/create_serverless.py are derived from user instructions.
  2. Boundary markers: No delimiters or instructions are present to prevent the agent from being influenced by malicious content inside these parameters.
  3. Capability inventory: The script performs network write operations (saveTemplate and saveEndpoint GraphQL mutations) to api.runpod.io.
  4. Sanitization: There is no validation or sanitization of the 'name' or 'gpu' inputs before they are included in API payloads.
- Data Exposure & Exfiltration (LOW): The script initiates network connections to api.runpod.io, which is not included in the trusted domain whitelist.
- Credentials Safety (SAFE): The skill correctly implements security best practices by requiring the RunPod API key to be passed via an environment variable rather than being hardcoded in the scripts.
Recommendations
- AI detected serious security threats
Audit Metadata