Skills
skills/cbnsndwch/skills/portainer-ce-2-39/Gen Agent Trust Hub

portainer-ce-2-39

Pass

Audited by Gen Agent Trust Hub on Mar 31, 2026

Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill provides instructions for reading data from external Portainer environments, creating a potential surface for indirect prompt injection where malicious instructions could be embedded in API responses.
  • Ingestion points: Untrusted data enters the agent context via endpoints such as /stacks/{id}/file, /kubernetes/{id}/events, and /custom_templates as described in SKILL.md.
  • Boundary markers: The instructions do not specify the use of delimiters or 'ignore' instructions when the agent processes these responses.
  • Capability inventory: The skill utilizes curl for all operations and has the capability to modify infrastructure through various POST and PUT endpoints.
  • Sanitization: No sanitization, escaping, or validation of the content returned from the API is mentioned.
  • [COMMAND_EXECUTION]: The skill includes several curl command examples for interacting with the API. These are documented safely using placeholders (e.g., <portainer>, <password>) for hostnames and credentials, ensuring no sensitive data is hardcoded.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 31, 2026, 11:56 PM
Security Audit — agent-trust-hub — portainer-ce-2-39