coolify
Warn
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONDATA_EXFILTRATIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill documentation provides examples for reading highly sensitive files from the local filesystem, such as
~/.ssh/id_rsaandgithub-app-key.pem, to be passed as arguments to the deployment platform. - [COMMAND_EXECUTION]: The skill extensively uses a local bash script located at
{baseDir}/scripts/coolify. These scripts are invoked with complex arguments (e.g.,--json,--value), which may lead to shell command injection if the agent interpolates untrusted user input without strict validation. - [DATA_EXFILTRATION]: The skill is designed to transmit sensitive data, including server private keys and application environment variables, to remote Coolify API endpoints (
app.coolify.ioor self-hosted instances). - [PROMPT_INJECTION]: The skill features commands to read application logs and manage environment variables. This represents an indirect prompt injection surface where malicious data within logs or variables could influence the agent's subsequent behavior.
- Ingestion points: Reading application logs via
applications logsand environment variables viaapplications envs list. - Boundary markers: None identified in the provided documentation to distinguish between data and instructions.
- Capability inventory: File reading, network requests via
curl, and local script execution. - Sanitization: No explicit sanitization or filtering of log content or variable values is described.
Audit Metadata