netlify-integration
Pass
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS] (LOW): The documentation and scripts recommend installing the
netlify-clipackage from npm. This is a standard industry tool, but it represents an external dependency outside of the predefined trusted organization list. - [COMMAND_EXECUTION] (LOW): The
scripts/test_function_locally.shscript utilizes theevalcommand to execute a dynamically builtcurlstring. This pattern is vulnerable to command injection if input parameters such as the method or data payload are sourced from untrusted entities. - [DATA_EXFILTRATION] (LOW): The
scripts/check_deployment.shscript includes a verbose mode that outputs all site environment variables to the console. This functionality could lead to the exposure of production secrets if the script's execution logs are captured by unauthorized processes or users. - [PROMPT_INJECTION] (LOW): Several webhook handler templates (e.g.,
assets/examples/api-route.ts) ingest untrusted external data, forming an indirect prompt injection surface. Evidence: (1) Ingestion Points: Request bodies are read directly from external HTTP POST requests inapi-route.ts. (2) Boundary Markers: HMAC signature validation is demonstrated but explicitly marked as optional or requiring implementation in templates. (3) Capability Inventory: Handlers have the capability to trigger further network requests viafetch. (4) Sanitization: Input is parsed as JSON without any filtering for malicious instructional content that could affect downstream AI processes.
Audit Metadata