devops
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (LOW): The skill is vulnerable to instructions embedded in external data sources that it uses to guide its automation tasks.
  - Ingestion points: The workflow reads potentially untrusted data from docs/dev/[feature-name]/CONTEXT.md, wrangler.toml, Dockerfile, and CI/CD workflow files (SKILL.md).
  - Boundary markers: Absent. The instructions do not define delimiters or specify that the agent should ignore natural-language instructions found within these configuration and documentation files.
  - Capability inventory: The agent has the capability to write and modify critical system files, including GitHub Actions workflows (.github/workflows/), Terraform files (*.tf), and container configurations (Dockerfile), which provides a high-impact execution path for injected instructions (SKILL.md).
  - Sanitization: Absent. There is no requirement for the agent to sanitize, validate, or escape the content of ingested files before using them to generate deployment scripts or infrastructure changes.
- Data Exposure & Exfiltration (SAFE): The skill promotes a positive security posture by explicitly forbidding the hardcoding of secrets and mandating the use of environment variables and secret stores.
- Remote Code Execution (SAFE): No patterns for downloading or executing unverified remote scripts or packages were detected.
Audit Metadata