outport
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill documents several CLI commands for project and system management, including 'outport up' for port allocation and 'outport system start' for installing DNS resolvers and reverse proxies, which requires administrative privileges (sudo) for system-level configuration.
- [EXTERNAL_DOWNLOADS]: The documentation references external software dependencies, specifically recommending installation via a Homebrew tap ('steveclarke/tap/outport') and the 'cloudflared' utility for tunneling features.
- [DATA_EXFILTRATION]: The tool includes a 'share' feature that established public Cloudflare tunnels for local development services, which is a documented capability but constitutes a potential data exposure vector if applied to sensitive services.
- [PROMPT_INJECTION]: The skill defines a surface for indirect prompt injection by ingesting project configuration from 'outport.yml' files (Ingestion point: SKILL.md; Boundary markers: Absent; Capability inventory: File-write to .env and subprocess execution via CLI; Sanitization: Absent) and using this data to manage environment variables and system services.
Audit Metadata