Skills
skills/zeabur/agent-skills/zeabur-deploy/Gen Agent Trust Hub

zeabur-deploy

Pass

Audited by Gen Agent Trust Hub on May 4, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various shell commands through the Zeabur CLI to manage the deployment lifecycle. This includes commands for listing projects (project list), listing servers (server list), searching for GitHub repositories (service search-repo), and performing the actual deployment (deploy).
  • [EXTERNAL_DOWNLOADS]: The instructions mandate the use of npx zeabur@latest, which dynamically downloads and executes the latest version of the Zeabur CLI from the npm registry. This is the official distribution method for the vendor's tooling.
  • [DATA_EXFILTRATION]: During the deployment process, the skill transmits local project data or repository identifiers to Zeabur's infrastructure. This is the primary intended function of the skill and is required for cloud hosting.
  • [PROMPT_INJECTION]: The skill has a surface for indirect prompt injection as it processes project names and repository metadata from external sources (the Zeabur API and GitHub).
  • Ingestion points: Data retrieved via project list and service search-repo in SKILL.md.
  • Boundary markers: None identified in the prompt templates.
  • Capability inventory: Shell command execution for platform management in SKILL.md.
  • Sanitization: No specific sanitization or validation of the ingested metadata is described.
Audit Metadata
Risk Level
SAFE
Analyzed
May 4, 2026, 03:23 AM