devops-cicd
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS
Full Analysis
- [External Downloads] (LOW): The templates reference 'actions/checkout@v4', 'actions/setup-node@v4', and 'amondnet/vercel-action@v25'. These actions are external dependencies from organizations not included in the trusted whitelist.
- [Data Exposure] (SAFE): 'templates/docker/docker-compose.yml' contains hardcoded default credentials ('postgres:postgres') for a local database service. This is standard for development templates and not considered a production leak.
- [Indirect Prompt Injection] (LOW): The skill provides templates that the agent may modify based on user instructions, creating a surface for indirect prompt injection.
  1. Ingestion points: User instructions for template customization.
  2. Boundary markers: Absent.
  3. Capability inventory: File-write operations to the workspace.
  4. Sanitization: Absent.
Audit Metadata