infra-deploy
Pass
Audited by Gen Agent Trust Hub on May 11, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill uses the Bash tool to perform environment checks, build Docker containers, and execute GCP deployment commands via the 'gcloud' CLI.
- [EXTERNAL_DOWNLOADS]: The skill interacts with well-known services and registries, including Google Artifact Registry for container images and npm (via 'npx') for database migrations.
- [DATA_EXFILTRATION]: Sensitive configuration data, including database URLs and API keys, are retrieved from 1Password and transmitted to legitimate endpoints at Google Cloud and Cal.com as part of the deployment and webhook registration process.
- [CREDENTIALS_UNSAFE]: Secrets are passed as environment variables to 'gcloud run deploy' and as query parameters in 'curl' commands. While standard in CI/CD and deployment scripts, this practice can expose credentials in process listings or shell history logs if the environment is shared or insecurely logged.
- [PROMPT_INJECTION]: The skill contains 'Self-Evolving' instructions that direct the agent to modify the 'SKILL.md' file directly based on task outcomes. While intended for autonomous improvement of deployment logic, this creates a feedback loop where the agent's instructions can change over time.
Audit Metadata