netlify-ops
Pass
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a secure credential consumption model where it reads a caller-injected token from environment variables or project-level .env files. It strictly prohibits the use of 'netlify login' or 'netlify logout' and contains explicit instructions never to echo, log, or print the token value.
- [SAFE]: Command execution is handled via validated Bash scripts (create-site.sh, deploy.sh, etc.) that use 'set -euo pipefail' and 'jq' to safely construct payloads, minimizing the risk of command injection.
- [SAFE]: External communication is restricted to official Netlify endpoints (api.netlify.com and open-api.netlify.com). The skill utilizes the well-known 'netlify-cli' Node.js package and standard system tools like 'curl' and 'python3'.
- [SAFE]: No malicious patterns such as prompt injection, obfuscation, privilege escalation, or persistence mechanisms were detected. The skill is designed to be highly restrictive, focusing solely on its stated purpose of web-hosting operations.
Audit Metadata