Skills
skills/sapiom/skills/sapiom-deploy/Gen Agent Trust Hub

sapiom-deploy

Pass

Audited by Gen Agent Trust Hub on Mar 3, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.execSync to run the zip command locally to package source code for deployment as detailed in references/jobs.md.
  • [REMOTE_CODE_EXECUTION]: Provides an API and workflows to deploy and execute arbitrary Node.js scripts on Sapiom's managed infrastructure (blaxel.services.sapiom.ai).
  • [CREDENTIALS_UNSAFE]: Handles the SAPIOM_API_KEY to authenticate against vendor gateways and injects it into the environment variables of deployed jobs and sandboxes.
  • [EXTERNAL_DOWNLOADS]: The deployment process automatically installs Node.js dependencies (e.g., @sapiom/fetch, @blaxel/core) from the NPM registry as part of the remote build step.
  • [PROMPT_INJECTION]: An indirect prompt injection surface is identified in the orchestrator pattern where untrusted data from external websites is ingested.
  • Ingestion points: references/patterns.md uses Firecrawl to scrape external URLs.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the provided scraping example.
  • Capability inventory: Local execSync for packaging and remote deployment/execution (RCE) via the Jobs API.
  • Sanitization: There is no evidence of sanitization or validation of the scraped data before it is used to determine worker task payloads.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 3, 2026, 08:54 AM