openchoreo-developer
Pass
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, NO_CODE
Full Analysis
- [PROMPT_INJECTION]: The skill processes untrusted data from the user's local source code repository, creating a surface for indirect prompt injection.
  - Ingestion points: The agent is instructed to read local source code, `workload.yaml` descriptors, and CI/CD configuration files (such as `.github/workflows`) to determine the application shape and deployment requirements, as seen in `getting-started.md` and `deploy-prebuilt-image.md`.
  - Boundary markers: Instructions include explicit guardrails requiring user confirmation before the agent performs any git actions (commit, push, PR) or destructive platform operations (e.g., `delete_component`).
  - Capability inventory: The skill possesses extensive capabilities through the `openchoreo-cp` MCP server to manage platform resources (CRUD operations on components, workloads, and secrets) and uses the local `git` and `gh` tools for repository management.
  - Sanitization: No specific sanitization or prompt-wrapping techniques are provided to mitigate instructions that might be embedded in the analyzed code.
- [COMMAND_EXECUTION]: The skill uses standard development tools to perform repository-related tasks.
  - Evidence: Files like `references/recipes/build-from-source.md` and `references/recipes/deploy-prebuilt-image.md` guide the agent to use `git` and `gh` (GitHub CLI) for staging, committing, pushing code, and managing pull requests. These actions are governed by instructions requiring user approval.
- [NO_CODE]: No executable script files (e.g., `.py`, `.js`, `.sh`) are distributed with this skill; it consists entirely of instructional markdown and configuration templates.