kamal-coder
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE
PROMPT_INJECTION
EXTERNAL_DOWNLOADS
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill's workflow involves reading and potentially executing instructions from deployment configuration files and hooks, which could be exploited by an attacker with write access to the repository. Evidence:
  1. Ingestion points: Reads 'config/deploy.yml', '.kamal/secrets', and scripts in '.kamal/hooks/' (SKILL.md).
  2. Boundary markers: Absent.
  3. Capability inventory: Access to 'Bash', 'Write', and 'Edit' tools.
  4. Sanitization: Absent.
- [External Downloads] (LOW): The documentation references an external GitHub repository ('guillaumebriday/kamal-ansible-manager') for infrastructure provisioning; that repository is not a verified or trusted source.
Audit Metadata