deploy-bot
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- CREDENTIALS_UNSAFE (HIGH): The file
deploy.shcontains hardcoded server connection information, including the username "unarmedpuppy", the host "192.168.86.47", and the port "4242". Hardcoding specific infrastructure details instead of utilizing mandatory environment variables is a security risk. - COMMAND_EXECUTION (HIGH): The skill performs remote command execution via SSH to manage Docker containers and Git repositories on a target server. This capability grants the agent high-privileged access to the deployment infrastructure.
- PROMPT_INJECTION (LOW): The skill is susceptible to Indirect Prompt Injection (Category 8) because it retrieves and displays untrusted data to the agent. Specifically, the
deploy.shscript fetches and displays logs from thepolymarket-botcontainer. If the bot processes external data that results in malicious instructions being written to its logs, those instructions could influence the agent's behavior during the deployment verification step. - Ingestion points:
deploy.sh(fetching container logs via SSH) - Boundary markers: None detected; the log output is streamed directly to the agent's context.
- Capability inventory: Remote shell access (SSH), Docker container management (rebuild, restart, exec), and Git operations.
- Sanitization: No sanitization or filtering is applied to the log output before it is shown to the agent.
Recommendations
- AI detected serious security threats
Audit Metadata