devops-detector
Pass
Audited by Gen Agent Trust Hub on Mar 9, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill configuration defines a PostToolUse hook that executes a local shell script named post_output_validation_hook.sh. This script is used for validating the results of tool operations, which is a standard procedure within the framework.
- [PROMPT_INJECTION]: The skill's primary function involves processing data from repository files, job postings, and DNS signals, which presents a surface for indirect prompt injection.
- Ingestion points: Data is ingested through repository_signals, job_signals, dns_signals, and http_signals from Phase 2 processing.
- Boundary markers: The skill does not implement explicit prompt delimiters or boundary markers to isolate untrusted data.
- Capability inventory: The skill uses the Read and Grep tools and maintains command execution capabilities via the post-tool execution hook.
- Sanitization: External content is sanitized via programmatic filtering in Python logic, which matches specific filenames (e.g., .gitlab-ci.yml, Dockerfile) and keywords before they are processed by the agent.
Audit Metadata