eks-upgrade-check
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various
awsCLI andkubectlcommands to discover clusters and inspect their state. These includeaws eks describe-cluster,aws eks list-nodegroups,aws ec2 describe-subnets, andkubectl get <resource>. These operations are standard for a cluster auditing tool and are used to gather evidence for the upgrade assessment. - [EXTERNAL_DOWNLOADS]: The skill uses
webFetchto retrieve compatibility information and release notes from official open-source project documentation and repositories. Sources include established projects such as Istio, cert-manager, Argo CD, and official GitHub repositories for Kubernetes SIGs. These downloads are performed to provide real-time compatibility data and do not involve executable code. - [INDIRECT_PROMPT_INJECTION]: The skill ingests data from external websites (OSS project documentation) and cluster-derived metadata (labels and annotations). This represents a potential surface for indirect prompt injection if an attacker-controlled resource contained malicious instructions. However, the skill treats this data as informational evidence, uses deterministic scoring logic in its steering files, and employs a conversion tool (
md_to_html.py) that explicitly escapes cluster-derived strings to prevent markup injection in the final report.
Audit Metadata