test-environment-management
Fail
Audited by Gen Agent Trust Hub on Mar 6, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The documentation includes hardcoded credentials in the Docker Compose example, specifically 'POSTGRES_PASSWORD: password' and a 'DATABASE_URL' containing the same password.
- [COMMAND_EXECUTION]: The skill utilizes high-privilege administrative commands including 'aws ec2 stop-instances' and 'aws ec2 start-instances' via the AWS CLI, as well as 'docker-compose' execution commands. While these are necessary for the skill's stated purpose of environment management, they represent a significant attack surface.
- [EXTERNAL_DOWNLOADS]: The skill references external resources including the 'wiremock-captain' Node.js package and official Docker images ('postgres:15', 'redis:7'). These originate from well-known registries (NPM, Docker Hub) and are documented neutrally as they are standard for the tool's functionality.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) due to its design.
- Ingestion points: The agent reads external environment configurations ('configs/') and parity check results ('parity-checks/').
- Boundary markers: None are present in the documentation to distinguish between trusted instructions and untrusted data.
- Capability inventory: The skill has the capability to execute shell commands (AWS CLI, Docker) and manage infrastructure via Terraform.
- Sanitization: No sanitization or validation logic is described for the configuration data being processed.
Recommendations
- AI detected serious security threats
Audit Metadata