devops-fullstack
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (PROMPT_INJECTION)
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection (Category 8) due to its core functionality.
  - Ingestion points: The skill ingests untrusted data from application source code and implementation details, as noted in the 'Basic Usage' section of references/GUIDE.md ('analyze the current implementation').
  - Boundary markers: No boundary markers or delimiters are defined in SKILL.md to protect the agent from instructions embedded in the source code it processes.
  - Capability inventory: The skill outputs high-privilege configuration files, including dockerfile, CI/CD pipeline objects (GitHub Actions, GitLab CI, CircleCI), and deployment_config for various cloud providers (AWS, GCP, Azure).
  - Sanitization: There is no logic shown for sanitizing or escaping content extracted from the application before it is interpolated into the generated YAML or Dockerfile templates, allowing for potential command injection into the build/deploy pipeline.
- COMMAND_EXECUTION (LOW): The scripts/validate.py script performs file system checks. It uses yaml.safe_load(), which follows best practices for safe parsing of local configuration data.
Recommendations
- AI detected serious security threats
Audit Metadata