redeploy-local

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill dynamically generates and executes shell commands by parsing local project files like Makefile, package.json, and Taskfile.yml. This allows for the execution of arbitrary commands defined within the target directory.
  • [COMMAND_EXECUTION]: The skill explicitly includes logic to perform privilege escalation using sudo for system service management (systemd). While the documentation specifies that user consent will be sought, the skill is architected to facilitate privileged command execution.
  • [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface (Category 8). It ingests untrusted data from project documentation (README.md), CI workflows, and build manifests to infer its operational logic. Evidence: Ingestion points include manifest files and READMEs; no explicit boundary markers are present; capabilities include system-level process management; sanitization relies on manual user confirmation.
  • [PROMPT_INJECTION]: There is a discrepancy between the provided skill author (nesnilnehc) and the author listed in the file metadata (ai-cortex), which represents deceptive metadata.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 23, 2026, 05:43 AM
Security Audit — agent-trust-hub — redeploy-local