skills/jeremylongshore/claude-code-plugins-plus-skills/orchestrating-deployment-pipelines/Gen Agent Trust Hub
orchestrating-deployment-pipelines
Pass
Audited by Gen Agent Trust Hub on Apr 10, 2026
Risk Level: SAFE (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The skill requests permissions for git, docker, and kubectl to perform deployment operations. While these tools are necessary for the skill's intended purpose, they represent a significant control surface. Additionally, the initialization script scripts/init_pipeline.sh contains Python code despite its shell extension.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it interprets content from external manifests and repository configurations.
  * Ingestion points: Orchestration involves reading and processing Kubernetes manifests and configuration files.
  * Boundary markers: No delimiters are specified to isolate data from instructions.
  * Capability inventory: Significant environment interaction is possible through the provided DevOps toolset.
  * Sanitization: No input validation is performed on external configuration data.