coolify-operator
Pass
Audited by Gen Agent Trust Hub on May 2, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill acts as an operator for external Coolify instances, creating a surface for indirect prompt injection through the ingestion of untrusted data. Ingestion points: Application names, logs, and database statuses retrieved via the Coolify API and CLI (SKILL.md). Boundary markers: No specific delimiters or instructions to ignore embedded commands in API output are provided. Capability inventory: Subprocess execution of the
coolifyCLI andcurlfor deployment, service management, and environment variable synchronization (SKILL.md). Sanitization: While the skill advises on safe shell reading of local.envfiles, it does not specify sanitization or validation protocols for data returned from the remote API endpoints. - [SAFE]: The instructions demonstrate security awareness by recommending the use of
sedto parse environment variables, which prevents shell interpretation issues with special characters (like pipes) commonly found in Coolify API tokens. - [SAFE]: All external references, including the CLI GitHub repository and documentation links, point to the official and well-known
coolify.iodomain andcoollabsioorganization.
Audit Metadata