ambit-cli
Pass
Audited by Gen Agent Trust Hub on Mar 25, 2026
Risk Level: SAFE
Flags: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill operates by executing shell commands via `npx @cardelli/ambit`, `flyctl`, and `tailscale` to provision and manage cloud infrastructure.
- [EXTERNAL_DOWNLOADS]: The `deploy --template` functionality fetches application source code and configuration files directly from GitHub repositories.
- [REMOTE_CODE_EXECUTION]: Templates downloaded from GitHub are deployed as active services on Fly.io, which involves the execution of the template's container definitions and build logic.
- [CREDENTIALS_UNSAFE]: The skill requires users to manage and provide sensitive credentials, specifically Tailscale API tokens and Fly.io authentication states, which are necessary for its core functionality.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface through its template ingestion mechanism.
- Ingestion points: Untrusted application data enters the environment through the `--template <owner/repo>` argument used in deployment commands.
- Boundary markers: There are no documented boundary markers or instructions to ignore potential commands embedded within the external template content.
- Capability inventory: The skill possesses significant capabilities, including application deployment, secret management, and network policy modification.
- Sanitization: While the documentation mentions a 'pre-flight scan' for dangerous settings, the specific sanitization or validation logic is not detailed.
Audit Metadata