app-platform-router
Pass
Audited by Gen Agent Trust Hub on Jun 28, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on executing system-level commands through the
doctl,gh,psql, andawsCLIs to manage DigitalOcean resources, GitHub environments, and database schemas. These operations are core to the skill's functionality and are performed via well-defined helper scripts. - [EXTERNAL_DOWNLOADS]: The
devcontainersandtroubleshootingskills reference external templates and diagnostic container images from GitHub and the GitHub Container Registry (ghcr.io/bikramkgupta/*). These resources provide the environment parity and diagnostic tools necessary for the documented workflows. - [SAFE]: The repository implements a 'Zero-Knowledge' credential management pattern. Scripts such as
secure_setup.shgenerate secure passwords locally and inject them directly into GitHub Secrets, preventing the AI agent from seeing or leaking sensitive values in its context or logs. - [SAFE]: Potential dynamic execution vectors (like
evalandexecidentified in the sandbox documentation) are part of the primary intended use case for creating isolated AI code execution environments and do not represent a vulnerability in the skill's own operational logic. - [SAFE]: Database management scripts use parameterized SQL construction (via
psycopg2.sql.Identifier) and explicit identifier validation to protect against SQL injection when creating multi-tenant schemas and users.
Audit Metadata