managing-devops-pipeline

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
Full Analysis
  • [Indirect Prompt Injection] (SAFE): The skill possesses a surface for ingesting untrusted data via build parameters. However, it contains explicit safety instructions that mitigate this risk.
    * Ingestion points: The skill accepts projectId, pipelineId, and body_param from user input or external tools as described in SKILL.md.
    * Boundary markers: The skill explicitly defines a 'Critical Rule' in SKILL.md requiring mandatory user confirmation of all parameters before triggering a build.
    * Capability inventory: The skill has the capability to trigger software deployments through the v4_user_build_start tool.
    * Sanitization: The skill relies on human-in-the-loop verification of the final payload to ensure safety.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 17, 2026, 05:50 PM