olares-cluster
Warn
Audited by Gen Agent Trust Hub on Jun 14, 2026
Risk Level: MEDIUM (CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [CREDENTIALS_UNSAFE]: The `cluster middleware list` command supports a `--show-passwords` flag which enables the retrieval of administrative passwords for various middleware services (PostgreSQL, MongoDB, etc.) in plaintext JSON format. This allows the agent to access and potentially leak sensitive credentials. (Evidence: references/olares-cluster-middleware.md)
- [COMMAND_EXECUTION]: The skill facilitates the execution of numerous administrative commands via `olares-cli` that can modify or destroy cluster resources. Examples include `pod delete`, `workload scale`, and `job rerun`. Although the skill mentions confirmation prompts, it also highlights that the `--yes` or `-y` flags can be used to bypass these safeguards. (Evidence: SKILL.md, references/olares-cluster-workload.md)
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from the Kubernetes environment, such as container logs (`pod logs`) and resource definitions (`yaml`). There are no documented sanitization procedures or boundary markers to prevent malicious content within this data from influencing the agent's behavior. (Evidence: references/olares-cluster-pod.md, SKILL.md)
  - Ingestion points: `olares-cli cluster pod logs`, `olares-cli cluster <noun> yaml`, `olares-cli cluster application status` (events).
  - Boundary markers: Absent in the instructions.
  - Capability inventory: Full Kubernetes management suite including pod deletion, workload scaling, and middleware inventory.
  - Sanitization: Not mentioned; data is passed directly to the agent context.
Audit Metadata