deploy
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes shell commands to interact with the ZeroDeploy CLI, including 'zerodeploy deploy' and 'zerodeploy login'. It also allows execution of build commands via the '--build-command' flag, which is a standard part of the deployment process.
- [EXTERNAL_DOWNLOADS]: Fetches and installs the '@zerodeploy/cli' package from the NPM registry. This is a vendor-provided tool required for the skill's primary function.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection via the '$ARGUMENTS' variable and user-provided build parameters.
- Ingestion points: The '$ARGUMENTS' placeholder at the end of the file and the '--build-command' parameter.
- Boundary markers: None identified; user input is not explicitly delimited from instructions.
- Capability inventory: The skill has access to the Bash tool for running CLI commands and package managers.
- Sanitization: No explicit sanitization or validation of input arguments is performed before they are passed to the shell.
Audit Metadata