deploy
Pass
Audited by Gen Agent Trust Hub on Mar 30, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill functions primarily as a documentation and guidance resource for deployment workflows. It contains no executable code, remote scripts, or unauthorized network operations.
- [PROMPT_INJECTION]: The skill includes prompt templates in the "When Things Go Wrong" section that suggest users provide external application URLs and paste raw error logs. This creates a surface for indirect prompt injection where malicious instructions could be embedded in the logs or site content. However, this functionality is essential to the skill's primary purpose of troubleshooting and does not pose a high risk.
- Ingestion points: User-provided URLs and logs in troubleshooting prompt templates within
SKILL.md. - Boundary markers: Absent in the suggested template strings.
- Capability inventory: The skill does not define specific dangerous tool calls but uses the agent's general data analysis capabilities.
- Sanitization: No sanitization is suggested for the log data before it is processed by the agent.
- [DATA_EXFILTRATION]: The skill mentions sensitive environment variables (e.g.,
STRIPE_SECRET_KEY,DATABASE_URL) but only as educational placeholders. It correctly instructs the user to never commit these to version control and to use managed hosting dashboards for secret storage.
Audit Metadata