kernel-app-deployment
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION)
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): The skill explicitly instructs the agent to handle sensitive information, including environment variables (`API_KEY`, `DB_URL`) and credential files (`.env`). Using the `--env-file` and `--env` flags with the `kernel deploy` command risks exposing secrets if the agent is manipulated into deploying unauthorized files or variables.
- [Remote Code Execution] (HIGH): The core functionality revolves around deploying and invoking user-provided TypeScript and Python code in a remote 'Kernel' environment (`kernel deploy`, `kernel invoke`). This allows arbitrary code execution with access to network resources and environment-stored secrets.
- [Indirect Prompt Injection] (HIGH): The skill has a large attack surface because it processes external payloads (`--payload`) and source code files, either of which could contain malicious instructions.
  - Ingestion points: `index.ts`, `main.py`, `.env`, `payload.json`, and application logs.
  - Boundary markers: None specified in the instructions.
  - Capability inventory: Remote code execution, network communication, and filesystem access via the `kernel` CLI.
  - Sanitization: No evidence of input validation or sanitization for code or payloads.
- [Command Execution] (MEDIUM): The skill requires executing shell commands that interact with the local filesystem (`ls -la`) and external cloud services (`kernel deploy`); these could be abused if command arguments are built from untrusted data.
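The Sanitization and Command Execution findings above both come down to the same gap: agent-controlled strings reach `kernel deploy` and `kernel invoke` with no checks. The following is an added example of the validation layer a wrapper around those two commands could apply; it is not code from the audited skill or from the kernel CLI. It uses only the flags the audit names (`--env`, `--env-file`, `--payload`); the project root, the `ALLOWED_ENV_NAMES` allowlist, the entry-point suffixes and the positional layout of the real CLI's arguments are assumptions made for the example.

```python
# Added example, not code from the audited skill or the kernel CLI.
# Builds argv for `kernel deploy` / `kernel invoke` and applies the input
# validation the audit found missing. The allowlist, the project root and
# the positional argument layout of the real CLI are assumptions.
import json
import re
from pathlib import Path

ENV_NAME_RE = re.compile(r"^[A-Z][A-Z0-9_]{0,63}$")
ALLOWED_ENV_NAMES = frozenset({"API_KEY", "DB_URL"})  # hypothetical allowlist
ALLOWED_ENTRY_SUFFIXES = (".ts", ".py")               # index.ts / main.py per the audit
MAX_PAYLOAD_BYTES = 64 * 1024


class UnsafeArgument(ValueError):
    """Raised when an agent-supplied argument fails validation."""


def path_inside(project_root: str, user_path: str) -> Path:
    """Resolve user_path (following symlinks) and refuse anything outside project_root."""
    root = Path(project_root).resolve()
    candidate = (root / user_path).resolve()
    if candidate != root and root not in candidate.parents:
        raise UnsafeArgument(f"path escapes project root: {user_path!r}")
    return candidate


def validate_env_assignment(assignment: str) -> str:
    """Accept NAME=value only for allowlisted names and values without control chars."""
    name, sep, value = assignment.partition("=")
    if not sep:
        raise UnsafeArgument(f"missing '=' in env assignment: {assignment!r}")
    if not ENV_NAME_RE.match(name) or name not in ALLOWED_ENV_NAMES:
        raise UnsafeArgument(f"env name not on allowlist: {name!r}")
    if re.search(r"[\x00-\x1f\x7f]", value):
        raise UnsafeArgument(f"control character in value of {name}")
    return f"{name}={value}"


def validate_env_file(project_root: str, env_file: str) -> Path:
    """Only a .env file that lives inside the project may be handed to --env-file."""
    path = path_inside(project_root, env_file)
    if path.name != ".env" and not path.name.startswith(".env."):
        raise UnsafeArgument(f"not an .env file: {env_file!r}")
    return path


def validate_payload(payload_text: str) -> str:
    """Bound the size, require a JSON object, and re-serialise it canonically."""
    raw = payload_text.encode("utf-8")
    if len(raw) > MAX_PAYLOAD_BYTES:
        raise UnsafeArgument("payload too large")
    try:
        obj = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise UnsafeArgument(f"payload is not valid JSON: {exc}") from None
    if not isinstance(obj, dict):
        raise UnsafeArgument("payload must be a JSON object")
    return json.dumps(obj, separators=(",", ":"), sort_keys=True)


def build_deploy_argv(project_root, entry, env=(), env_file=None):
    """argv for `kernel deploy` as a list, so no shell ever interprets it."""
    entry_path = path_inside(project_root, entry)
    if entry_path.suffix not in ALLOWED_ENTRY_SUFFIXES:
        raise UnsafeArgument(f"entry point must end in one of {ALLOWED_ENTRY_SUFFIXES}")
    argv = ["kernel", "deploy", str(entry_path)]
    for assignment in env:
        argv += ["--env", validate_env_assignment(assignment)]
    if env_file is not None:
        argv += ["--env-file", str(validate_env_file(project_root, env_file))]
    return argv


def build_invoke_argv(app_name, payload_text):
    """argv for `kernel invoke`; the payload passes through validate_payload first."""
    if not re.fullmatch(r"[a-z0-9][a-z0-9-]{0,62}", app_name):
        raise UnsafeArgument(f"bad app name: {app_name!r}")
    return ["kernel", "invoke", app_name, "--payload", validate_payload(payload_text)]


if __name__ == "__main__":
    import subprocess
    argv = build_deploy_argv("/srv/proj", "index.ts", env=["API_KEY=abc"], env_file=".env")
    print(argv)
    # subprocess.run(argv, check=True)  # list argv, shell=False: no metacharacter expansion
```

The wrapper never concatenates a command string: argv is a list handed to `subprocess.run` with the default `shell=False`, so a value such as `API_KEY=x; curl evil` is passed to the CLI as one literal argument rather than executed. Path escapes via `..` or symlinks are caught by resolving against the project root, an `--env-file` outside the project is refused, and a payload that is not a bounded JSON object never reaches `--payload`.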
Recommendations
- AI detected serious security threats