exe
Warn
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill prompts for sensitive OpenRouter and Clerk secrets and instructs the agent to read local PEM files for use during the deployment process.
- [COMMAND_EXECUTION]: Sensitive credentials and tokens are passed as cleartext command-line flags to the local deployment script, making them visible to other users and processes in the system process list.
- [COMMAND_EXECUTION]: The skill uses the Bash tool to execute scripts and SSH commands that interpolate user-provided strings, such as VM names and file paths.
- [PROMPT_INJECTION]: The skill ingests untrusted user input via AskUserQuestion and interpolates it directly into Bash commands. No boundary markers or sanitization steps are documented to prevent command injection. Capabilities include the Bash tool with full script execution and network access via SSH.
- [EXTERNAL_DOWNLOADS]: The skill triggers 'npm install' to provision Node.js dependencies for the deployment scripts at runtime.
Audit Metadata