deploying-app
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICAL (CREDENTIALS_UNSAFE, PROMPT_INJECTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [CREDENTIALS_UNSAFE] (LOW): The skill instructs the agent to verify sensitive configuration such as DATABASE_URL and JWT_SECRET. While part of a checklist, this exposes potential credentials to the agent context.
- [PROMPT_INJECTION] (LOW): Indirect Prompt Injection surface (Category 8). The skill reads user-provided configuration files. Evidence:
  1. Ingestion points: main.wasp, main.wasp.ts.
  2. Boundary markers: None present.
  3. Capability inventory: Command execution via wasp CLI and filesystem access.
  4. Sanitization: No validation of ingested content.
- [EXTERNAL_DOWNLOADS] (LOW): The skill mentions an example domain (your-server-url.com) that is flagged as malicious by automated scanners. Users should ensure they do not use this placeholder in production.
Recommendations
- Contains 2 malicious URL(s) - DO NOT USE
Audit Metadata