pulumi-automation-api
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
Full Analysis
- [Prompt Injection] (SAFE): No patterns of prompt injection, such as instructions to ignore safety filters or override agent behavior, were detected.
- [Data Exposure & Exfiltration] (SAFE): The skill does not access sensitive system files or exfiltrate data. Code examples use placeholders for configuration and demonstrate the use of the 'secret: true' flag to ensure sensitive data is encrypted in the Pulumi state.
- [Indirect Prompt Injection] (SAFE): While the skill explains how to build self-service platforms that process external inputs (e.g., Slack bots), it serves as an educational resource for a legitimate SDK. Users building such platforms should implement their own input validation. Evidence Chain: 1. Ingestion points: Examples mention reading from 'deploy-config.json' and hint at external triggers like Slack. 2. Boundary markers: Not present in the simplified code snippets. 3. Capability inventory: The Pulumi Automation API provides high-privilege infrastructure management capabilities (creating/deleting cloud resources). 4. Sanitization: Not explicitly shown in the basic examples.
- [Remote Code Execution] (SAFE): The skill describes the use of a programmatic infrastructure-as-code API. No malicious remote script downloads, piped command executions, or unverifiable dependencies were found.
Audit Metadata