cerbos-policy
Pass
Audited by Gen Agent Trust Hub on Apr 15, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted external data such as natural language requirements, PDFs, or specifications, which can lead to indirect prompt injection because the agent has file-writing and command-execution capabilities.
  - Ingestion points: Natural language requirements, PDFs, or specifications provided by the user in Phase 1 of the workflow.
  - Boundary markers: Absent; there are no instructions to use delimiters or specific warnings to ignore embedded instructions in the source documents.
  - Capability inventory: Includes file system modification (Write, Edit, Glob) and shell command execution (Bash for Docker operations).
  - Sanitization: No sanitization or validation of the input content before processing is described.
- [COMMAND_EXECUTION]: Executes shell commands via Docker to compile and validate policies and to run the REPL debugging tool. These operations use official images from the vendor's repository.
- [EXTERNAL_DOWNLOADS]: Fetches and runs official container images (ghcr.io/cerbos/cerbos and ghcr.io/cerbos/cerbosctl) from the GitHub Container Registry. These are well-known services and trusted resources from the skill's author.
Audit Metadata