monitoring-deployments
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): The skill automatically installs a package (
tugboat-cli) from a private GitHub Enterprise instance (git+ssh://git@ghe.spotify.net/warpspeed/tugboat-cli.git). While internal to an organization, this source is not in the trusted whitelist and represents an unverified dependency. - COMMAND_EXECUTION (MEDIUM): The skill uses
uv tool installand executes severaltugboatandgcloudsubcommands. Specifically, it instructs the agent to 'Parse log info from tugboat output and run' agcloudcommand, which involves dynamic command construction based on external data. - INDIRECT_PROMPT_INJECTION (LOW): The skill is vulnerable to indirect injection because it processes untrusted data from deployment outputs.
- Ingestion points: Data returned from
tugboat deployments showandtugboat installations list. - Boundary markers: None present; the agent is instructed to parse and use the data directly.
- Capability inventory: Execution of
gcloud logging tailandtugboatCLI commands. - Sanitization: No evidence of sanitization or escaping for the parsed log filters or installation IDs before they are interpolated into shell commands.
Audit Metadata