promovaweb-devops-review-chatwoot-stack
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it reads and processes the content of an external file (
chatwoot.yaml) which is considered untrusted data. - Ingestion points: The agent is instructed to read the full content of
chatwoot.yamlin Step 1. - Boundary markers: The instructions lack explicit delimiters or specific 'ignore embedded instructions' warnings for the data being read.
- Capability inventory: The skill has the capability to read local files and write an audit report to
chatwoot.audit.md. - Sanitization: There is no evidence of sanitization or strict schema validation performed on the YAML content before it is processed by the agent.
- [SAFE]: The skill performs legitimate security auditing by checking for placeholder secrets (e.g.,
SENHA,123458bb7ef6402f6a8bcf5d3be54321) and verifying SSL/TLS configurations. - [SAFE]: No network exfiltration, remote code execution, or unauthorized privilege escalation patterns were detected. All operations are local to the project environment.
Audit Metadata