cloud-architecture

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection because it is designed to process external project context and problem descriptions without explicit security boundaries.
    • Ingestion points: Project context, constraints, and problem descriptions are gathered as mandatory inputs (SKILL.md).
    • Boundary markers: The skill lacks defined delimiters or instructions to ignore potential commands embedded within the ingested project data.
    • Capability inventory: The skill instructions involve the use of powerful CLI tools including 'aws', 'docker', 'kubectl', 'certbot', and 'npm' across multiple files.
    • Sanitization: No procedures for validating or sanitizing the gathered external content are specified before its use in commands or prompts.
  • [COMMAND_EXECUTION]: The skill frequently uses the 'aws' and 'docker' CLI tools to perform infrastructure operations such as region configuration, EC2 instance management, VPC creation, and container orchestration. It also suggests using 'sudo certbot' for SSL/TLS management, which involves elevated local privileges.
  • [EXTERNAL_DOWNLOADS]: Dockerfile examples and configuration templates reference software images from trusted and well-known registries, including official Docker Hub repositories (node, postgres, redis) and Google Container Registry (distroless/nodejs22-debian12).
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 28, 2026, 07:35 AM
Security Audit — agent-trust-hub — cloud-architecture