hyperpod-cluster-debugger
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The diagnostic script
scripts/diagnose-cluster.shexecutes numerous read-only commands using theawsCLI andkubectlto inspect the status of VPCs, Security Groups, IAM roles, EKS clusters, and SageMaker HyperPod resources.- [REMOTE_CODE_EXECUTION]: The skill usesaws ssm start-sessionto execute diagnostic shell scripts on remote cluster nodes. This is used specifically to check the health of the Slurm scheduler, Munge authentication, and job queues on controller nodes.- [INDIRECT_PROMPT_INJECTION]: The skill processes data from various AWS and Kubernetes API responses which could theoretically be manipulated by an attacker who has modified resource metadata. - Ingestion points: API response JSON from
aws sagemaker,aws ec2,aws eks, andkubectlcommands, as well as command output returned from SSM sessions inscripts/diagnose-cluster.sh. - Boundary markers: None used in the script output.
- Capability inventory: The skill possesses extensive cluster-wide read capabilities and the ability to execute shell scripts on nodes via SSM.
- Sanitization: The script uses Python's
jsonmodule to parse all API responses, ensuring that malicious strings in resource metadata do not result in shell command injection during local processing.- [DYNAMIC_EXECUTION]: The scriptscripts/diagnose-cluster.shdynamically generates shell commands for remote execution. It utilizes Base64 encoding to safely transport these scripts to remote nodes through the Systems Manager (SSM) API, which is a standard method for non-interactive command execution.
Audit Metadata