sre-engineer
Pass
Audited by Gen Agent Trust Hub on Apr 13, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains multiple Python scripts that use the `subprocess` module to execute system-level and administrative commands, including tools for disk space monitoring (`df`), service management (`systemctl`), and file cleanup (`find`).
- [COMMAND_EXECUTION]: Extensive integration with Kubernetes is provided through execution of `kubectl` commands. The skill demonstrates the ability to delete pods, patch service specifications, and execute commands inside containers (e.g., `kubectl exec` for database operations or network manipulation).
- [COMMAND_EXECUTION]: Chaos engineering scripts perform low-level system changes, such as using `tc` (traffic control) to inject network latency and `iptables` to create network partitions. These operations typically require elevated privileges.
- [INDIRECT_PROMPT_INJECTION]: The skill's logic depends on data ingested from external sources, which could be manipulated to influence the agent's behavior.
  - Ingestion points: Data is collected from the output of system commands such as `df -h` and `kubectl get pods`, and from HTTP responses to `curl` health checks in the `references/automation-toil.md` file.
  - Boundary markers: No explicit boundary markers or instruction-ignoring delimiters are used when processing this external data.
  - Capability inventory: The skill has broad execution capabilities through `subprocess.run`, including network access and system-level configuration changes.
  - Sanitization: The scripts avoid `shell=True`, which rules out direct shell injection, but they rely on plain string splitting and basic parsing of command output. If that output is attacker-controlled, the parsed values can steer which subsequent commands run and with what arguments.
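The sanitization finding above is about the gap that remains after `shell=True` is gone: a value scraped from `df -h` or `kubectl get pods` output is pushed straight into the argv of the next `subprocess.run` call. The block below is an added example written for this audit page; it is not code from the audited skill. It parses constructed sample outputs (labelled as such) positionally, validates every pod name against the Kubernetes DNS-1123 label rule before it can become an argument, and builds the `kubectl delete` argv with a `--` terminator so a name that survives validation still cannot be read as a flag. The function names and the sample outputs are this example's own.

```python
"""Parsing command output and feeding it back into subprocess.run, hardened.

Added example for the audit findings; not the audited skill's code.
SAMPLE_DF and SAMPLE_PODS are constructed inputs, not captured output.
"""
import re
import subprocess  # shown for the call shape; the example itself never executes kubectl
from typing import Dict, List, Tuple

# Kubernetes pod and namespace names must be DNS-1123 labels (assumed as the
# gate here): lowercase alphanumerics and '-', 1..63 chars, alnum at both ends.
# Anything else, including a name starting with '-', is refused outright.
_DNS1123 = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")

# Constructed `df -h` output (header plus three mounts).
SAMPLE_DF = """\
Filesystem      Size  Used Avail Use% Mounted on
/dev/nvme0n1p2  450G  380G   48G  89% /
tmpfs            16G  1.2M   16G   1% /run
/dev/sdb1       2.0T  1.9T   50G  98% /data
"""

# Constructed `kubectl get pods --no-headers` output. The last line is the
# failure mode the audit describes: a hostile first column that, if split and
# passed through unchecked, would change the meaning of the next command.
SAMPLE_PODS = """\
api-7c9d8f6b5-x2k4q   1/1   Running   0   3d
worker-0              1/1   Running   2   3d
--all                 0/1   Error     5   1h
"""


def parse_df(output: str) -> Dict[str, int]:
    """Map mount point -> Use% from `df -h` output.

    Columns are read positionally: Use% is field 4 and everything after it is
    the mount point (which may contain spaces). A line whose Use% field is not
    'NN%' is skipped rather than guessed at, so malformed or injected lines
    cannot produce a bogus number.
    """
    usage: Dict[str, int] = {}
    for line in output.splitlines()[1:]:  # skip the header row
        parts = line.split()
        if len(parts) < 6 or not re.fullmatch(r"\d{1,3}%", parts[4]):
            continue
        usage[" ".join(parts[5:])] = int(parts[4].rstrip("%"))
    return usage


def validate_pod_name(name: str) -> str:
    """Return name unchanged if it is a valid DNS-1123 label, else raise."""
    if not _DNS1123.fullmatch(name):
        raise ValueError(f"refusing to use untrusted pod name {name!r}")
    return name


def filter_pod_names(output: str) -> Tuple[List[str], List[str]]:
    """Split `kubectl get pods` output into (accepted, rejected) first columns."""
    accepted, rejected = [], []
    for line in output.splitlines():
        if not line.strip():
            continue
        name = line.split()[0]
        try:
            accepted.append(validate_pod_name(name))
        except ValueError:
            rejected.append(name)
    return accepted, rejected


def build_delete_cmd(namespace: str, pod: str) -> List[str]:
    """argv for subprocess.run (no shell). Both names are validated, and '--'
    ends option parsing so a positional argument is never read as a flag."""
    return ["kubectl", "-n", validate_pod_name(namespace),
            "delete", "pod", "--", validate_pod_name(pod)]


if __name__ == "__main__":
    for mount, pct in parse_df(SAMPLE_DF).items():
        print(f"{mount}: {pct}% used")
    ok, bad = filter_pod_names(SAMPLE_PODS)
    print("accepted:", ok)
    print("rejected:", bad)
    argv = build_delete_cmd("prod", ok[1])
    print("would run:", argv)  # subprocess.run(argv, check=True) in the real tool
```

The point of the two-stage gate is that validation happens at the trust boundary (where the output is parsed), not at the call site; `build_delete_cmd` validates again so it stays safe even if a caller skips the filter. Any value that fails the DNS-1123 check is surfaced as rejected rather than silently dropped, which is what an on-call engineer would want to see in the tool's log.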
Audit Metadata