sync-ci-to-staging-prod
Fail
Audited by Gen Agent Trust Hub on Feb 22, 2026
Risk Level: CRITICAL
Tags: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (SAFE): The skill utilizes git, argocd, and local Python scripts for environment synchronization. These operations are essential to its intended function and do not involve unauthorized command execution.
- DATA_EXPOSURE (SAFE): The skill includes a 'Whitelist' mechanism that explicitly prevents the promotion of sensitive data such as database credentials, Redis addresses, and Stripe secret keys.
- INDIRECT_PROMPT_INJECTION (LOW): The skill possesses an attack surface for indirect prompt injection because it processes configuration files and tool outputs.
  1. Ingestion points: YAML configuration files in the Kubernetes overlays directory and the output of the 'argocd diff' command.
  2. Boundary markers: Absent; there are no specific delimiters or warnings used to prevent the agent from following instructions embedded within these files.
  3. Capability inventory: The skill can trigger deployments via 'argocd sync', modify the repository via 'git push', and execute local Python scripts.
  4. Sanitization: No sanitization or validation of the configuration content is performed before processing.
- FALSE POSITIVE (SAFE): The automated scan alert for the malicious URL 'payment.pl' is a false positive. The string is a substring of the configuration path 'payment.plans[]' used in the skill's documentation and does not represent an actual network request.
Recommendations
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata