cloud-devops-expert

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE | PROMPT_INJECTION | COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it is designed to analyze and review untrusted infrastructure code (Terraform, Kubernetes, etc.) provided by users. In the absence of boundary markers or instructions to treat input as data, the agent might execute instructions embedded within that code.
      • Ingestion points: The skill accepts user-provided code for review (e.g., in SKILL.md examples).
      • Boundary markers: None identified; the instructions do not provide delimiters or guidance to the model to ignore instructions found within analyzed snippets.
      • Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Read.
      • Sanitization: None identified; the skill does not specify any validation or filtering of input before it is processed.
  • [COMMAND_EXECUTION]: The skill requires running the shell command 'cat .claude/context/memory/learnings.md' as part of its mandatory Memory Protocol. This use of the Bash tool is intended to maintain session context and persistence, but it is a direct command execution pattern.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 07:28 PM