netlify-deploy
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill uses `npx netlify` to download and execute the Netlify CLI at runtime. As Netlify is not an explicitly trusted organization in the provided framework, this constitutes unverifiable remote code execution. Severity is reduced from HIGH to MEDIUM due to it being a core requirement for the skill's primary purpose.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Commands like `npm install` and `npx` fetch and run code from the public npm registry. These actions introduce risks associated with unvetted third-party packages.
- [COMMAND_EXECUTION] (MEDIUM): The skill relies on multiple shell commands including `git`, `npm`, and `npx`. The interpolation of external data, such as Git remote URLs, into these commands without explicit sanitization creates a potential command injection surface.
- [PRIVILEGE_ESCALATION] (MEDIUM): The skill documentation includes an instruction to the agent or user to apply `sandbox_permissions=require_escalated` if networking is blocked. This is an intentional request to bypass sandbox security controls to facilitate outbound network traffic.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes untrusted project configuration data that could be used to influence agent behavior.
  - Ingestion points: `git remote show origin` output and local project files (`package.json`, `netlify.toml`).
  - Boundary markers: None identified in the provided instructions.
  - Capability inventory: File system access, network deployment, and shell command execution.
  - Sanitization: No explicit sanitization or validation of the ingested configuration data is mentioned.
Audit Metadata