deployment

Pass

Audited by Gen Agent Trust Hub on Jun 25, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references a third-party debug container image (ghcr.io/bikramkgupta/do-app-debug-container-python) for infrastructure diagnostics. While documented, this image is hosted under an individual's GitHub account rather than an official organization repository.
  • [COMMAND_EXECUTION]: The skill provides numerous templates and instructions to execute administrative commands using doctl and the GitHub CLI (gh). These commands manage cloud resources, repository environments, and CI/CD secrets.
  • [DATA_EXFILTRATION]: The skill manages sensitive configuration including DIGITALOCEAN_ACCESS_TOKEN and DATABASE_URL. It follows security best practices by using the gh CLI to set environment secrets, which ensures the AI agent only generates the command structure without ever accessing the actual credential values.
  • [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it processes untrusted application data during the deployment workflow.
  • Ingestion points: Reads application specifications from .do/app.yaml and processes deployment logs via doctl apps logs.
  • Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflow templates.
  • Capability inventory: The skill has the authority to create, update, and delete cloud applications and modify repository secrets.
  • Sanitization: There is no evidence of sanitization or schema validation performed on the app specification or log data before it is interpreted by the agent.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 25, 2026, 01:56 PM
Security Audit — agent-trust-hub — deployment