appdeploy
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to run `curl` for registration and interacting with the AppDeploy JSON-RPC API.
- [EXTERNAL_DOWNLOADS]: Fetches deployment instructions, application templates, and source code snapshots from the vendor-owned domain `api-v2.appdeploy.ai`.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because the agent is instructed to fetch and strictly adhere to instructions provided by the `get_deploy_instructions` tool, which returns data from a remote, third-party source.
  - Ingestion points: The tools `get_deploy_instructions`, `src_read`, `src_grep`, and `get_app_status` ingest content from the remote service into the agent's context.
  - Boundary markers: Absent; the skill lacks delimiters or warnings to treat the remote instructions as untrusted data.
  - Capability inventory: The agent possesses the capability to execute network requests (via `curl`) and upload local project files to the remote server (via `deploy_app`).
  - Sanitization: No sanitization or validation of the remote instructions or source code content is performed before processing.
- [CREDENTIALS_UNSAFE]: The installation workflow directs the agent to save a plain-text API key into a local file named `.appdeploy`. While the skill suggests adding this file to `.gitignore`, local plain-text storage remains a risk for credential exposure in shared or improperly secured environments.
Audit Metadata