bifrost-platform
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill installs the
@chandrashekharchoudha/bifrost-clipackage globally via npm if it is not already present on the system. - [COMMAND_EXECUTION]: Utilizes multiple shell tools including the native
bifrostbinary,git,gh, andnpmto perform repository management, environment setup, and deployment operations. - [DATA_EXFILTRATION]: Accesses sensitive local files such as
.env,.env.local, and.bifrost.yamlto retrieve configuration and credentials required for platform authentication and application deployment. - [PROMPT_INJECTION]: Contains a vulnerability surface for indirect prompt injection because the skill instructs the agent to read and interpret data from repository-level files that could be controlled by an attacker.
- Ingestion points: Processes files such as
package.json,Dockerfile,next.config.js, and.envfrom the local repository during preflight and deployment phases. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are used when the agent reads these external files.
- Capability inventory: The skill has access to shell execution (
bifrost,git,gh,npm) and file system write capabilities. - Sanitization: There is no evidence of sanitization or strict schema validation performed on the contents of the ingested repository files.
Audit Metadata