ln-730-devops-setup
Pass
Audited by Gen Agent Trust Hub on May 9, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill implements an auto-detection workflow that processes contents from untrusted project files to determine the technology stack and deployment configuration.
- Ingestion points: The skill reads
package.json,*.csproj,requirements.txt,pyproject.toml,appsettings.json, and.env.exampleto extract versions, dependencies, and connection strings. - Boundary markers: No explicit boundary markers or isolation instructions are present to prevent the agent from being influenced by instructions potentially embedded in the analyzed data.
- Capability inventory: The skill possesses the capability to execute system commands (
docker --version,docker-compose config) and invoke external workers (ln-731-docker-generator,ln-732-cicd-generator,ln-733-env-configurator) which perform file system operations and CI/CD configuration. - Sanitization: While the skill includes a 'verification' phase to check for secrets in generated files, it does not apply sanitization, validation, or escaping to the data read from the project files during the auto-detection phase.
Audit Metadata