ignis
Pass
Audited by Gen Agent Trust Hub on Apr 18, 2026
Risk Level: SAFE
PROMPT_INJECTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The OpenCode Agent E2E example demonstrates an architectural pattern where user-supplied input is directly interpolated into a task prompt, creating a surface for indirect prompt injection.
  - Ingestion points: The `handle_create_task` function in `references/examples/opencode-agent-e2e/services/api/src/lib.rs` receives user messages.
  - Boundary markers: No specific boundary markers or "ignore instructions" directives are used in the generated prompt.
  - Capability inventory: The system can trigger internal tasks via the `agent-service` through the task API.
  - Sanitization: Input is trimmed but not sanitized for injection-specific payloads.
- [EXTERNAL_DOWNLOADS]: The CLI guide provides installation commands that download and execute scripts from the vendor domain.
  - Evidence: `curl --proto '=https' --tlsv1.2 -LsSf https://igniscloud.dev/i.sh | sh`
- [COMMAND_EXECUTION]: Example project manifests (`ignis.hcl`) use shell commands within the `build_command` field for frontend services.
  - Evidence: `bash -lc "rm -rf dist && mkdir -p dist && cp -R src/. dist/"`
Audit Metadata