deploy-agent
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The script `scripts/deploy-agent.sh` performs operations using standard CLI tools such as `git`, `gh`, `wrangler`, and `npm`. These calls are wrapped in logic that primarily reports status or checks versions, which is consistent with the skill's stated purpose.
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection risks due to its reliance on untrusted external data from project directories.
  - Ingestion points: The `check_nextjs_d1` function reads package information via `npm list` and scans source code in the `src/app/api` directory using `grep`.
  - Boundary markers: The agent is not provided with explicit delimiters or instructions to ignore potential commands embedded in the output of these filesystem checks.
  - Capability inventory: The skill can create and write files (`cat`), manage local state, and interface with GitHub and Cloudflare deployment APIs.
  - Sanitization: There is minimal sanitization of the data retrieved from project files before it is displayed to the agent. Additionally, application names provided as arguments are interpolated directly into JSON state files without escaping, creating a potential surface for schema confusion if malicious characters (like double quotes) are used in the name.
Audit Metadata