deployless-production-path

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, obfuscation, or unauthorized data access attempts were detected. The skill instructions are consistent with its stated purpose of DevOps automation and CI/CD configuration.
  • [SAFE]: The skill promotes security best practices, such as using provider-specific secret stores and avoiding the inclusion of secrets in repository files or logs.
  • [SAFE]: Includes considerations for operational stability, such as AI PR flood control, cost-aware CI triggers, and idempotent deployment scripts.
  • [PROMPT_INJECTION]: The skill maintains a surface for indirect prompt injection because it processes untrusted repository data to generate deployment logic.
  • Ingestion points: Analyzes existing CI/CD configurations (GitHub Actions, GitLab CI, etc.), deployment scripts, and project documentation (e.g., Dockerfile, vercel.json).
  • Boundary markers: None explicitly defined in the instructions for separating ingested data from the prompt context.
  • Capability inventory: The agent is empowered to create and modify CI/CD workflow files, build/test scripts, and deployment documentation.
  • Sanitization: No specific content validation or escaping mechanisms are described for the analyzed repository files.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 05:36 PM
Security Audit — agent-trust-hub — deployless-production-path