Skills
skills/pulumi/agent-skills/package-usage/Gen Agent Trust Hub

package-usage

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses git clone to retrieve project source code and pulumi preview to validate that dependency upgrades do not introduce breaking changes to the infrastructure.
  • [EXTERNAL_DOWNLOADS]: The skill retrieves package metadata and usage statistics from Pulumi's official registry and organizational API endpoints.
  • [PROMPT_INJECTION]:
  • Ingestion points: The skill reads project configuration and dependency files, including Pulumi.yaml, package.json, requirements.txt, pyproject.toml, and go.mod from external repositories.
  • Boundary markers: No explicit delimiters or boundary instructions are defined to encapsulate the content read from these project files.
  • Capability inventory: The agent has the ability to clone repositories, modify project files, and execute infrastructure code via the Pulumi CLI.
  • Sanitization: There is no evidence of specific validation or sanitization of the ingested file content prior to processing by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 09:00 AM