jfrog-project-onboarding

Pass

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs extensive shell command execution using the JFrog CLI (jf api), curl, jq, and yq to automate the provisioning of platform resources. These operations are safely conducted after mandatory checks confirm the agent is using a token with platform admin privileges.
  • [PROMPT_INJECTION]: The skill processes external data from configuration manifests and repository files (e.g., package.json, pom.xml, go.mod) to drive the onboarding logic, representing an indirect prompt injection surface.
    • Ingestion points: User-provided onboarding manifests (e.g., jfrog-manifest.yaml) and repository-level indicator files.
    • Boundary markers: Not explicitly implemented within the scripts; the skill relies on the structured nature of YAML and JSON for data isolation.
    • Capability inventory: The skill has broad capabilities to interact with the JFrog Platform API and GitHub repositories, including resource creation and CI/CD workflow modification.
    • Sanitization: Employs standard parsing utilities like jq and yq to extract and validate data fields before they are used in commands.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 29, 2026, 03:44 PM