openai-netlify-deploy

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION] (HIGH): The skill uses npm install and npx netlify, both of which execute code defined in the project's package.json (lifecycle scripts) or netlify.toml (build commands). Malicious projects can use these to achieve RCE.
  • [COMMAND_EXECUTION] (HIGH): The skill uses Bash to execute commands and explicitly suggests requesting escalated permissions for network access, which increases the potential impact of any malicious command execution.
  • [EXTERNAL_DOWNLOADS] (LOW): Fetches the Netlify CLI via npx. The download comes from a trusted source (Netlify) per [TRUST-SCOPE-RULE], but because the CLI is then run against untrusted project data, the skill's overall risk remains high.
  • [PROMPT_INJECTION] (HIGH): High surface for Indirect Prompt Injection. 1. Ingestion points: package.json, netlify.toml, and git remote URLs. 2. Boundary markers: Absent. 3. Capability inventory: Bash execution, Write access, and deployment script execution. 4. Sanitization: Absent; the skill blindly follows build and installation instructions provided in untrusted configuration files.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 16, 2026, 02:07 PM