ambit-cli
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the @cardelli/ambit CLI via npx to manage private networks and perform application deployments.
- [EXTERNAL_DOWNLOADS]: Fetches application templates from the vendor's GitHub repository (ToxicPine/ambit-templates) or user-provided repositories during the deploy command execution.
- [REMOTE_CODE_EXECUTION]: Deploys application code from remote templates to Fly.io infrastructure; the template content is executed within the user's private network environment.
- [CREDENTIALS_UNSAFE]: Requires a Tailscale API access token (tskey-api-...) to manage network ACLs and router authentication. The documentation states that this key is used locally and is not sent to the routers.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through the --template flag, which allows fetching and deploying code from arbitrary GitHub repositories.
- Ingestion points: SKILL.md describes the --template argument for the deployment command.
- Boundary markers: Absent; no explicit instructions are provided to the agent to ignore instructions embedded within retrieved templates.
- Capability inventory: npx @cardelli/ambit deploy executes code deployment and configuration on Fly.io infrastructure.
- Sanitization: Documentation mentions pre-flight scans for dangerous settings in configuration files, but does not specify protection against general malicious code in templates.
Audit Metadata