Skills
skills/jfrog/ai-agent-examples/JFrog Access/Gen Agent Trust Hub

JFrog Access

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill documents the automatic installation of the official jf CLI tool when it is missing from the system.
  • [COMMAND_EXECUTION]: The skill relies on shell command execution via jf and curl for all administrative platform operations.
  • [CREDENTIALS_UNSAFE]: A hardcoded example password 'securePass123!' is included in a JSON body example within the api-reference.md file.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes user-provided strings for user, group, and permission management without explicit validation.
  • Ingestion points: User-provided fields in JSON payloads for API requests.
  • Boundary markers: No specific delimiters or safety warnings are included in the instructions.
  • Capability inventory: Shell command execution using jf and curl for resource modification.
  • Sanitization: No data sanitization or escaping mechanisms are described.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 29, 2026, 03:44 PM