post-deploy
Warn
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is instructed to perform system-level management tasks including restarting services and modifying task execution.\n
- Evidence: SKILL.md contains instructions for running systemctl restart, pm2 restart, and checking crontab or Windows Task Scheduler entries.\n- [COMMAND_EXECUTION]: The AGENTS.md rule file explicitly authorizes the agent to use sudo or runas /user:Administrator when elevated privileges are required.\n- [EXTERNAL_DOWNLOADS]: The skill requires the global installation of several npm packages from the vendor's namespace (metyatech).\n
- Evidence: README.md and AGENTS.md specify installation of skill-post-deploy, compose-agentsmd, @metyatech/task-tracker, and @metyatech/thread-inbox.\n- [PROMPT_INJECTION]: The skill exhibits a vulnerability surface for indirect prompt injection by reading and analyzing system logs.\n
- Ingestion points: The agent is instructed to read log entries to verify updated service behavior (SKILL.md).\n
- Boundary markers: No delimiters or explicit instructions to ignore embedded instructions within logs are provided.\n
- Capability inventory: The agent has extensive system control via service management and sudo capabilities.\n
- Sanitization: No sanitization of log content or external command output is performed before the agent processes the information.
Audit Metadata