Apptrust Evidence Policies

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes shell commands (curl, jq, grep) to interact with the JFrog Platform API and process configuration files. These operations are standard for a platform administration tool.
  • [EXTERNAL_DOWNLOADS]: The skill performs network operations to fetch and post data to the JFrog Platform via the user-specified JFROG_URL. These interactions are restricted to the vendor's API endpoints (/unifiedpolicy/api/v1/).
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface by ingesting and analyzing template and rule definitions from the JFrog API responses.
    • Ingestion points: SKILL.md (Steps 2, 3, and 5) retrieves and analyzes existing Rego policies and rule parameters from the Unified Policy API.
    • Boundary markers: No specific delimiters or safety warnings are used when the agent processes the retrieved Rego code.
    • Capability inventory: The agent can execute curl commands (GET/POST) and read local configuration files (.env, .jfrog/config).
    • Sanitization: The skill lacks explicit sanitization of the content retrieved from the API before it is analyzed by the agent.
  • [DYNAMIC_EXECUTION]: The agent dynamically generates Rego policies (code) based on user requirements and predefined templates. This behavior is the primary purpose of the skill and is handled using standard string interpolation for the API payloads.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:44 PM