promovaweb-devops-review-uptime-kuma-stack
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: Configuration Audit: The skill performs a static analysis of uptime-kuma.yaml to ensure compliance with deployment guidelines.
- [SAFE]: Local Operation: The skill reads a local file and writes a report (uptime-kuma.audit.md) without making any network connections or exfiltrating data.
- [SAFE]: Security Auditing: The instructions specifically include checks for security risks like Docker socket exposure and unnecessary port mapping, providing remediation advice.
- [SAFE]: Data Ingestion: While the skill processes external data from a YAML file (Indirect Prompt Injection surface), this behavior is necessary for its diagnostic purpose and is not combined with dangerous capabilities like arbitrary code execution.
Audit Metadata