deployment
Warn
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: MEDIUM
PROMPT_INJECTION
Full Analysis
- Indirect Prompt Injection (MEDIUM): The skill workflow involves analyzing a user's local project implementation to generate deployment configurations, creating an attack surface where malicious code in the project could influence agent behavior.
- Ingestion points: Untrusted project source code is ingested when the agent is invoked to "analyze the current implementation" as described in references/GUIDE.md.
- Boundary markers: No explicit delimiters or system instructions are provided to the agent to treat analyzed project code as untrusted data.
- Capability inventory: The skill facilitates the generation and execution of critical deployment commands (e.g., vercel --prod, docker build) and standalone server logic in SKILL.md.
- Sanitization: There is no evidence of sanitization or filtering of the analyzed project content to prevent embedded instructions from being followed by the agent.