makers-deploy
Pass
Audited by Gen Agent Trust Hub on Jun 19, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of the vendor-provided
edgeoneCLI tool through the official NPM registry vianpm install -g edgeone@latest. - [COMMAND_EXECUTION]: The skill uses the
edgeoneCLI to execute multiple operations including authentication checks, login procedures, and project deployments. - [CREDENTIALS_UNSAFE]: The skill handles sensitive API tokens. It follows secure management practices by saving these tokens to a local
.edgeone/.tokenfile and ensuring this file is excluded from version control by updating the project's.gitignore. - [PROMPT_INJECTION]: The skill contains a surface for indirect prompt injection as it parses text output from the
edgeoneCLI to extract project identifiers and deployment URLs. - Ingestion points: Output from the
edgeone pages deploycommand as described inSKILL.md. - Boundary markers: None identified in the prompt templates to separate tool output from instructions.
- Capability inventory: Subprocess execution and file system write access in
SKILL.md. - Sanitization: No validation or sanitization of the CLI output is implemented before the agent processes the extracted data.
Audit Metadata