research-to-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE PROMPT_INJECTION COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it processes untrusted content from the internet to generate executable infrastructure code.
  - Ingestion points: Untrusted web content retrieved via the WebSearch and WebFetch tools (SKILL.md).
  - Boundary markers: Absent. There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded within the fetched research data.
  - Capability inventory: The skill has access to file writing and editing (Write, Edit) and infrastructure command execution via scoped Bash tools for terraform, docker, and kubectl (SKILL.md frontmatter).
  - Sanitization: Absent. There is no mechanism described to sanitize or validate external content before it is interpolated into prompts or used to generate deployment scripts.
- [COMMAND_EXECUTION]: The skill is designed to facilitate the execution of infrastructure-management commands. While the shell environment is restricted to specific binaries (terraform, docker, kubectl, git, npm), the risk of executing unintended or malicious operations exists if the generated configurations are derived from compromised external data.
Audit Metadata