hyperpod-cluster-debugger

Pass

Audited by Gen Agent Trust Hub on May 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The diagnostic script scripts/diagnose-cluster.sh executes numerous read-only commands using the aws CLI and kubectl to inspect the status of VPCs, Security Groups, IAM roles, EKS clusters, and SageMaker HyperPod resources.- [REMOTE_CODE_EXECUTION]: The skill uses aws ssm start-session to execute diagnostic shell scripts on remote cluster nodes. This is used specifically to check the health of the Slurm scheduler, Munge authentication, and job queues on controller nodes.- [INDIRECT_PROMPT_INJECTION]: The skill processes data from various AWS and Kubernetes API responses which could theoretically be manipulated by an attacker who has modified resource metadata.
  • Ingestion points: API response JSON from aws sagemaker, aws ec2, aws eks, and kubectl commands, as well as command output returned from SSM sessions in scripts/diagnose-cluster.sh.
  • Boundary markers: None used in the script output.
  • Capability inventory: The skill possesses extensive cluster-wide read capabilities and the ability to execute shell scripts on nodes via SSM.
  • Sanitization: The script uses Python's json module to parse all API responses, ensuring that malicious strings in resource metadata do not result in shell command injection during local processing.- [DYNAMIC_EXECUTION]: The script scripts/diagnose-cluster.sh dynamically generates shell commands for remote execution. It utilizes Base64 encoding to safely transport these scripts to remote nodes through the Systems Manager (SSM) API, which is a standard method for non-interactive command execution.
Audit Metadata
Risk Level
SAFE
Analyzed
May 20, 2026, 12:02 PM
Security Audit — agent-trust-hub — hyperpod-cluster-debugger