deployment-advisor
Warn
Audited by Gen Agent Trust Hub on Apr 5, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill directs the agent to read sensitive file paths, specifically .env files and configuration files, during its system inventory process. This can lead to the exposure of credentials, API keys, and other secrets within the agent's context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection (Category 8) as it processes untrusted data from project files.
  - Ingestion points: Reads contents of package.json, .env, requirements.txt, and go.mod as referenced in the decision framework.
  - Boundary markers: Absent; no instructions are provided to the agent to ignore or delimit potentially malicious instructions within these files.
  - Capability inventory: The agent uses this information to formulate architectural and service recommendations.
  - Sanitization: Absent; no validation or filtering of file content is described.
- [COMMAND_EXECUTION]: To gather system inventory, the skill directs the agent to identify running processes and open ports (e.g., ports 3000, 5432, 6379), which necessitates the execution of system-level commands.
Audit Metadata