deployment
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill explicitly instructs the agent to collect SSH and sudo passwords using Ansible's `vars_prompt` in `resources/02-ssh-auth.md`. Although it uses `private: yes` to hide input on the terminal, there is a risk that these credentials could be captured in the AI agent's conversation history, logs, or context memory.
- [COMMAND_EXECUTION] (MEDIUM): Multiple files (`resources/01-diff-checking.md`, `resources/06-deployment.md`) provide templates for shell scripts and Ansible `shell`/`command` modules. For example, `deploy.sh` and `rollback.sh` execute arbitrary commands like `git pull`, `npm run build`, and `pm2 reload`. If an attacker can influence the variables used in these scripts, it could lead to Remote Code Execution (RCE) on the target infrastructure.
- [EXTERNAL_DOWNLOADS] (LOW): The skill automates software acquisition from external sources. It includes `npm ci` (Node.js), `pip install` (Python/Ansible-lint), and `apt-get install` (Debian/Ubuntu packages). It also references external Helm repositories (https://charts.bitnami.com/bitnami). While these are standard DevOps practices, they represent a supply chain risk if the sources are compromised.
- [PRIVILEGE_ESCALATION] (MEDIUM): The skill frequently uses `become: yes` and `sudo` for system-level changes (modifying `/etc/`, installing packages, managing services). This is expected for a deployment skill but requires the highest level of trust in the agent's operations.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill processes external data (configuration files, Git repositories) and interpolates them into deployment tasks. This creates a surface where malicious instructions could be embedded in a repository or config file to influence the agent's next deployment steps.
Audit Metadata