dev-swarm-stage-devops
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill follows a secure-by-design pattern by implementing mandatory user approval checkpoints (Step 2.3, Step 3.2, and Step 4) before file creation, cloud provisioning, or resource execution.
- [DATA_EXPOSURE]: The skill includes explicit instructions in Step 5 and the Key Principles to request user credentials immediately before interacting with cloud services, preventing the need for hardcoded secrets or insecure storage of sensitive information.
- [PROMPT_INJECTION]: While the skill ingests data from previous project stages (00-08), the risk of indirect prompt injection is mitigated by the structured review process where the user must approve the Stage Proposal and all generated documentation before any automated execution occurs.
- [REMOTE_CODE_EXECUTION]: The skill generates infrastructure-as-code and CI/CD configurations (Terraform, GitHub Actions). These are produced as documentation for user review first, rather than being executed silently in the background.
Audit Metadata