production-troubleshooting
Pass
Audited by Gen Agent Trust Hub on Apr 6, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill relies on high-privilege tools such as kubectl and k8s-tool to manage cluster resources. It performs operations such as retrieving logs, checking resource metrics, describing pod configurations, and executing commands inside containers (e.g., psql for database checks and nslookup for network diagnostics). It also includes instructions for restarting cluster-level components like CoreDNS.
- [DATA_EXFILTRATION]: The investigation workflow involves reading sensitive application data, including production logs and Helm configuration files (e.g., /kubernetes/helm/web-app/values.prod.yaml). These configurations often contain environment variables and connection details (like DATABASE_URL) necessary for troubleshooting, which represents an access surface for sensitive data.
- [PROMPT_INJECTION]: The skill exhibits a surface area for indirect prompt injection as it analyzes untrusted data from external sources such as application logs and Sentry traces.
  - Ingestion points: Application logs fetched via k8s-tool and performance traces from Sentry are ingested into the agent context.
  - Boundary markers: No explicit delimiters or boundary markers are used to separate ingested log content from instructions.
  - Capability inventory: The agent possesses extensive Kubernetes management capabilities (exec, logs, describe, top, rollout restart) while processing this untrusted data.
  - Sanitization: There is no evidence of validation or sanitization performed on the external log content before it is processed by the agent.
Audit Metadata