deployment
Pass
Audited by Gen Agent Trust Hub on Jun 25, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill references a third-party debug container image (
ghcr.io/bikramkgupta/do-app-debug-container-python) for infrastructure diagnostics. While documented, this image is hosted under an individual's GitHub account rather than an official organization repository. - [COMMAND_EXECUTION]: The skill provides numerous templates and instructions to execute administrative commands using
doctland the GitHub CLI (gh). These commands manage cloud resources, repository environments, and CI/CD secrets. - [DATA_EXFILTRATION]: The skill manages sensitive configuration including
DIGITALOCEAN_ACCESS_TOKENandDATABASE_URL. It follows security best practices by using theghCLI to set environment secrets, which ensures the AI agent only generates the command structure without ever accessing the actual credential values. - [PROMPT_INJECTION]: The skill possesses an indirect prompt injection attack surface because it processes untrusted application data during the deployment workflow.
- Ingestion points: Reads application specifications from
.do/app.yamland processes deployment logs viadoctl apps logs. - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present in the workflow templates.
- Capability inventory: The skill has the authority to create, update, and delete cloud applications and modify repository secrets.
- Sanitization: There is no evidence of sanitization or schema validation performed on the app specification or log data before it is interpreted by the agent.
Audit Metadata