Skills
skills/iamzhihuix/happy-claude-skills/mkfast-deploy/Gen Agent Trust Hub

mkfast-deploy

Pass

Audited by Gen Agent Trust Hub on Apr 20, 2026

Risk Level: SAFEREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill uses pnpm dlx @better-auth/cli@latest secret to generate secrets. This command downloads and executes a package from the official npm registry, which is a standard procedure for this specific tech stack.
  • [COMMAND_EXECUTION]: The skill executes various shell commands including wrangler deploy, wrangler secret bulk, pnpm run build, and curl for site verification. These are essential for Cloudflare Workers deployment and post-deployment validation.
  • [PROMPT_INJECTION]: The skill identifies an indirect prompt injection surface by reading untrusted project configuration files (such as package.json, wrangler.jsonc, and .env files) to determine the project profile and component setup. This information is used to customize the deployment steps.
  • Ingestion points: Reads package.json, wrangler.jsonc, .env.example, .env.production, and .env.local to extract component status and variables.
  • Boundary markers: Not explicitly present for file contents, though analysis is restricted to identifying specific keys and dependencies.
  • Capability inventory: Performs subprocess calls for build/deploy and network operations via curl and wrangler.
  • Sanitization: No specific sanitization of file content is mentioned before it influences the generated checklist.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 20, 2026, 12:44 PM