flyctl
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [Data Exposure & Exfiltration] (SAFE): Example commands in the reference files demonstrate how to set environment variables and secrets using fly secrets set. The values used in these examples (e.g., secret123, password) are clearly placeholders for documentation purposes and do not constitute credential exposure.
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill documentation provides examples of building Docker images using official language runtimes. It does not include commands for downloading or executing scripts from untrusted external sources.
- [Indirect Prompt Injection] (SAFE): The skill instructions allow the agent to process user-provided configuration files such as fly.toml and Dockerfile. 1. Ingestion points: Local project configuration files referenced in SKILL.md and reference/dockerfile.md. 2. Boundary markers: Absent. 3. Capability inventory: Deployment, scaling, secret configuration, and SSH access via the fly CLI. 4. Sanitization: Not applicable as the skill provides documentation for CLI usage.
Audit Metadata