netlify-deploy

Pass

Audited by Gen Agent Trust Hub on Feb 27, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands such as 'npx netlify', 'npm install', and 'git' to manage the deployment process. These commands are necessary for the skill's primary function but involve executing code based on project state.
  • [EXTERNAL_DOWNLOADS]: The skill downloads the Netlify CLI using 'npx' and installs project-specific dependencies via 'npm'. These resources are retrieved from the official NPM registry, which is a well-known and trusted service.
  • [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it interprets instructions and configurations from local files.
      • Ingestion points: The skill reads 'package.json', 'netlify.toml', and '.env' files, as well as Git remote metadata from the project directory.
      • Boundary markers: No specific delimiters or instructions are used to distinguish between administrative commands and potentially malicious instructions embedded in project files.
      • Capability inventory: The skill can execute subprocesses for building and installing software, which could be exploited by malicious code in 'package.json' or build scripts.
      • Sanitization: There is no evidence of sanitization or strict validation of the build commands or paths extracted from the untrusted project files.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 27, 2026, 02:05 AM