render-deployment-manager
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill demonstrates a potential surface for indirect prompt injection due to its interaction with external, potentially untrusted data sources.
  - Ingestion points: The `list_logs` and `get_service` tools in `SKILL.md` are used to retrieve logs and service statuses from the Render.com platform, which could contain attacker-controlled content.
  - Boundary markers: The skill instructions do not define any delimiters or clear markers to separate ingested data from agent instructions, nor do they include commands to ignore instructions within the data.
  - Capability inventory: The skill includes powerful capabilities such as `update_environment_variables` and `create_web_service` (which defines build and start commands), presenting a high-privilege surface if the agent were to be misled by injected instructions.
  - Sanitization: There is no mention of sanitizing, validating, or filtering the ingested external data before it is processed by the agent.
Audit Metadata