skills/jeremylongshore/claude-code-plugins-plus-skills/managing-deployment-rollbacks/Gen Agent Trust Hub
managing-deployment-rollbacks
Pass
Audited by Gen Agent Trust Hub on Mar 21, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes
kubectl,docker, andgittools via the Bash interface. These permissions are necessary for managing container orchestrations and version control as described in the skill's purpose, and they are appropriately restricted within the YAML frontmatter.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface as it is designed to ingest and act upon data from external sources. \n - Ingestion points: Deployment history retrieved via
kubectland system metrics fetched from monitoring platforms like Prometheus, Datadog, or CloudWatch are used to determine rollback triggers.\n - Boundary markers: No specific boundary markers or delimiters are defined in the instructions to isolate external data from the agent's core instructions.\n
- Capability inventory: The skill has access to cluster management tools (
kubectl,docker), version control (git), and file system operations (Read,Write,Edit).\n - Sanitization: No explicit sanitization or validation of data retrieved from external CLI or API outputs is performed before it is processed by the agent.\n- [SAFE]: No evidence of hardcoded credentials, obfuscated code, or unauthorized network communication was found. The included Python-based script templates are used for local deployment simulations and metadata management.
Audit Metadata