skills/jeremylongshore/claude-code-plugins-plus-skills/orchestrating-deployment-pipelines/Gen Agent Trust Hub
orchestrating-deployment-pipelines
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill presents a surface for indirect prompt injection through the processing of external configuration data.
  - Ingestion points: The agent reads and reviews `assets/example_config.yaml` and `assets/pipeline_template.yaml`. Additionally, `scripts/init_pipeline.sh` accepts external JSON configuration files via the `--config` parameter.
  - Boundary markers: There are no explicit delimiters or instructions provided to the agent to distinguish between configuration data and instructions, which may lead to the agent following malicious commands embedded in these files.
  - Capability inventory: The skill allows the use of high-impact tools including `Bash(git:*)`, `Bash(docker:*)`, and `Bash(kubectl:*)`, as well as `Write` and `Edit` operations.
  - Sanitization: No evidence of validation, escaping, or content filtering is present in the provided templates or scripts.
- [COMMAND_EXECUTION]: The skill requests access to powerful CLI tools and performs file system operations without sufficient input validation.
  - Evidence: The `allowed-tools` section in `SKILL.md` enables `git`, `docker`, and `kubectl`. These tools provide a broad attack surface if the agent is influenced by malicious input.
  - Evidence: The `scripts/init_pipeline.sh` script creates a directory structure using a user-provided `project_name` without validating for path traversal characters (e.g., `../`). This could allow the script to create directories or files in unintended locations on the host system.
Audit Metadata