eks-upgrade-check

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFE
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes various aws CLI and kubectl commands to discover clusters and inspect their state. These include aws eks describe-cluster, aws eks list-nodegroups, aws ec2 describe-subnets, and kubectl get <resource>. These operations are standard for a cluster auditing tool and are used to gather evidence for the upgrade assessment.
  • [EXTERNAL_DOWNLOADS]: The skill uses webFetch to retrieve compatibility information and release notes from official open-source project documentation and repositories. Sources include established projects such as Istio, cert-manager, Argo CD, and official GitHub repositories for Kubernetes SIGs. These downloads are performed to provide real-time compatibility data and do not involve executable code.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external websites (OSS project documentation) and cluster-derived metadata (labels and annotations). This represents a potential surface for indirect prompt injection if an attacker-controlled resource contained malicious instructions. However, the skill treats this data as informational evidence, uses deterministic scoring logic in its steering files, and employs a conversion tool (md_to_html.py) that explicitly escapes cluster-derived strings to prevent markup injection in the final report.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 12:03 AM
Security Audit — agent-trust-hub — eks-upgrade-check