k6-manage
Pass
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: SAFEPROMPT_INJECTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill ingests untrusted data from k6 logs and traces, creating a surface for indirect prompt injection.
- Ingestion points: Loki logs (SKILL.md, Section 4) and Tempo traces (SKILL.md, Section 7) are retrieved from the k6 API and processed by the agent.
- Boundary markers: Absent; external data is not delimited or accompanied by specific instructions to ignore embedded commands.
- Capability inventory: The skill can execute shell commands (gcx, curl, k6, tar, sed), perform network operations, and access the local filesystem.
- Sanitization: Content is filtered and summarized using jq, but no explicit sanitization for malicious LLM instructions is performed.
- [REMOTE_CODE_EXECUTION]: The skill downloads test scripts from the k6 cloud API and executes them locally.
- Evidence: Sections 5 and 9 of SKILL.md describe fetching JS/TS scripts or tar archives from api.k6.io and running them with the k6 CLI for verification.
- [EXTERNAL_DOWNLOADS]: The skill fetches various artifacts such as logs, trace data, and browser screenshots from remote k6 and S3 endpoints.
- Evidence: Sections 4, 6, and 7 of SKILL.md detail the retrieval of logs, Tempo traces, and screenshots (using pre-signed S3 URLs) to the /tmp/ directory.
- [COMMAND_EXECUTION]: The skill utilizes several system utilities to manage and process test-related files.
- Evidence: The instructions involve using tar, sed, shasum, and file to extract archives, modify script content, and verify file integrity.
Audit Metadata