deployment-config-validate
Pass
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: LOWPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Category 8: Indirect Prompt Injection] (LOW): The skill ingests untrusted configuration data from a file, creating an attack surface for indirect prompt injection. This is mitigated by using a standalone Python script for validation rather than processing the file content within an LLM prompt.
- [Category 2: Data Exposure] (LOW): The script allows the reading of arbitrary files via a command-line argument. While intended for deployment configs, this could be abused to access sensitive files, where parse errors might reveal file contents.
Audit Metadata