deploy-check

Pass

Audited by Gen Agent Trust Hub on Jun 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill creates a local shell script (scripts/version-stamp.sh) and modifies the package.json file to include prebuild and predev hooks that execute this script during the build process.
  • [EXTERNAL_DOWNLOADS]: During verification mode, the skill performs network requests to user-provided URLs using curl and agent-browser to fetch version metadata from meta tags and JSON endpoints.
  • [DATA_EXFILTRATION]: The skill instruments the application with a public /__version endpoint that exposes build metadata such as Git SHA, branch name, and build timestamps. While the skill includes instructions to avoid leaking sensitive environment variables, the endpoint itself is publicly accessible by design.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection as it ingests and parses untrusted data from external URLs (meta tags and JSON responses) to verify deployment status.
  • Ingestion points: Data is ingested via agent-browser js commands and curl responses from external application URLs.
  • Boundary markers: None. The agent is instructed to parse and compare the raw output from these external sources.
  • Capability inventory: The skill has the capability to execute shell commands (bash, git, curl) and modify files throughout the project structure.
  • Sanitization: No sanitization or validation of the external content is performed before the agent processes and acts upon the information.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 17, 2026, 11:36 AM
Security Audit — agent-trust-hub — deploy-check