argocd
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official Argo CD CLI binary from the 'argoproj' organization's GitHub repository. The source is the authoritative repository for the tool described in the skill.
- [COMMAND_EXECUTION]: Instructs the user to use
sudoandchmod +xduring the installation process inresources/install-and-setup.md. These commands are standard for installing system-wide CLI binaries on Linux and macOS. - [CREDENTIALS_UNSAFE]: Accesses the
argocd-initial-admin-secretKubernetes secret to retrieve the default administrative password. This is a required step for the initial setup and configuration of an Argo CD instance. - [PROMPT_INJECTION]: Presents a surface for indirect prompt injection as the skill is designed to process data from external Git repositories.
- Ingestion points: External Git repositories specified in
ApplicationCRDs (e.g.,resources/application-management.md). - Boundary markers: None explicitly defined in the prompts to differentiate between user instructions and data within manifests.
- Capability inventory: Subprocess execution for
argocdandkubectlcommands (e.g.,resources/command-cookbook.md). - Sanitization: Relies on standard Argo CD validation and CLI parsing; no additional agent-side sanitization is documented.
Audit Metadata