coolify-operator

Pass

Audited by Gen Agent Trust Hub on May 2, 2026

Risk Level: SAFE | PROMPT_INJECTION
Full Analysis
  • [PROMPT_INJECTION]: The skill acts as an operator for external Coolify instances, creating a surface for indirect prompt injection through the ingestion of untrusted data.
      • Ingestion points: Application names, logs, and database statuses retrieved via the Coolify API and CLI (SKILL.md).
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands in API output are provided.
      • Capability inventory: Subprocess execution of the coolify CLI and curl for deployment, service management, and environment variable synchronization (SKILL.md).
      • Sanitization: While the skill advises on safe shell reading of local .env files, it does not specify sanitization or validation protocols for data returned from the remote API endpoints.
  • [SAFE]: The instructions demonstrate security awareness by recommending the use of sed to parse environment variables, which prevents shell interpretation issues with special characters (like pipes) commonly found in Coolify API tokens.
  • [SAFE]: All external references, including the CLI GitHub repository and documentation links, point to the official and well-known coolify.io domain and coollabsio organization.
Audit Metadata
Risk Level: SAFE
Analyzed: May 2, 2026, 06:21 AM