promovaweb-devops-review-databasus-stack
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection by instructing the agent to read and process external configuration files (
databasus.yamlandpostgres.yaml) which could contain malicious instructions designed to influence the agent's behavior during the audit process.\n - Ingestion points: The skill reads
databasus.yamlandpostgres.yamlas specified in Step 1 of the execution instructions inSKILL.md.\n - Boundary markers: Absent; the instructions do not use delimiters or explicit warnings to ignore embedded instructions within the audited files.\n
- Capability inventory: The skill's instructions involve reading local files (Step 1) and writing a markdown report to the local file system (Step 3). While the agent platform may have broader capabilities (like shell or network access), the skill itself does not explicitly call for them, limiting the immediate impact of an injection.\n
- Sanitization: Absent; the skill does not specify any sanitization, validation, or escaping of the content read from the target YAML files before processing.
Audit Metadata