hyperpod-issue-report
Pass
Audited by Gen Agent Trust Hub on May 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various local CLI tools including
aws(for EKS, S3, and SSM operations) andkubectl(to describe Kubernetes resources). It also allows users to specify custom commands to run on remote HyperPod nodes for advanced troubleshooting. - [EXTERNAL_DOWNLOADS]: During diagnostic collection on EKS clusters, the script downloads the official
eks-log-collector.shfrom the awslabs organization's GitHub repository. This process includes a mandatory SHA256 integrity check to ensure the script has not been tampered with before execution. - [DATA_EXFILTRATION]: The skill's primary purpose is to aggregate diagnostic data and upload it to a user-specified S3 bucket. All data movement is handled via standard AWS SDKs (boto3) and CLI tools using the user's own AWS credentials.
- [SAFE]: The bundled Python script uses
pexpectto manage interactive SSM sessions securely and employsshlexfor safe command argument quoting, minimizing the risk of command injection.
Audit Metadata