jfrog-devops
Pass
Audited by Gen Agent Trust Hub on May 15, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill's scripts and instructions are well-documented and align strictly with its purpose as a DevOps management tool.
- [CREDENTIALS_UNSAFE]: The skill uses safe authentication patterns. It avoids hardcoded secrets and correctly advises using access tokens passed via environment variables or CLI flags.
- [EXTERNAL_DOWNLOADS]: Dependencies are limited to the well-known requests Python library and official JFrog CLI binaries, which are standard components for artifact management.
- [DATA_EXFILTRATION]: Network requests are directed only to the user-configured JFrog instance for legitimate artifact and security scanning operations.
- [PROMPT_INJECTION]: A surface for indirect prompt injection exists due to the processing of data from external Artifactory and Xray APIs.
  - Ingestion points: Data is ingested through API responses in scripts/artifactory_client.py and scripts/xray_client.py (e.g., search results, build info, scan reports).
  - Boundary markers: No explicit delimiters are used in the prompt instructions to isolate external data from system instructions.
  - Capability inventory: The skill uses the requests library for network calls and has the ability to read and write local files to manage artifacts.
  - Sanitization: External data returned by the API is parsed as structured JSON/text without additional sanitization before being processed by the agent.
Audit Metadata