spoonos-deployment-guide

Pass

Audited by Gen Agent Trust Hub on Mar 11, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill implements API endpoints that are susceptible to indirect prompt injection.
    * Ingestion points: User input is ingested via the query field in scripts/cloudrun_api.py and scripts/lambda_handler.py.
    * Boundary markers: The skill does not implement delimiters or safety instructions to isolate user input from the agent's internal logic.
    * Capability inventory: The agents utilize the SpoonReactMCP framework, which typically interacts with external tools.
    * Sanitization: There is no evidence of input sanitization or validation before the query is passed to the LLM agent.
  • [COMMAND_EXECUTION]: The deployment instructions in SKILL.md include commands that require elevated system privileges.
    * Evidence: Multiple instances of sudo are used for system-level operations such as package management, file system modifications, and service orchestration.
    * Context: While these are standard for infrastructure deployment, they involve executing commands with root authority.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 11, 2026, 07:33 PM