Skills
skills/majesticlabs-dev/majestic-marketplace/devops-plan/Gen Agent Trust Hub

devops-plan

Pass

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: LOWPROMPT_INJECTION
Full Analysis
  • [Indirect Prompt Injection] (LOW): The skill ingests untrusted data from the local file system (IaC filenames and provider strings) to generate a DevOps plan. While the discovery process is primarily read-only, it influences the agent's plan and triggers a subagent audit task, creating a surface for indirect prompt injection from local file content.\n
  • Ingestion points: ls and grep commands in SKILL.md targeting local .tf, .yml, and .cfg files.\n
  • Boundary markers: Absent; the skill does not use delimiters when reporting findings to the agent or calling the subagent.\n
  • Capability inventory: Limited to Bash (read-only file discovery) and Task (triggering an external audit tool).\n
  • Sanitization: The grep command uses a character class [a-z]+ which provides some implicit sanitization for provider names, but filenames and directory structures are not sanitized.
Audit Metadata
Risk Level
LOW
Analyzed
Feb 16, 2026, 11:30 AM