sre-engineer

Warn

Audited by Gen Agent Trust Hub on Apr 29, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION)
Full Analysis
  • [COMMAND_EXECUTION]: The skill ships Python templates whose AutomatedRunbook class executes shell commands via subprocess.run(..., shell=True). With shell=True the command string is handed to /bin/sh, so any untrusted data formatted or concatenated into that string can append or alter commands (command injection); the risk is inherent to the pattern whenever command strings are built from input the skill does not control.
  • Evidence: references/automation-toil.md contains subprocess.run(step.command, shell=True, ...).
  • [COMMAND_EXECUTION]: The skill demonstrates and encourages the use of powerful system and cluster management tools such as kubectl, systemctl, tc, and iptables for automated remediation and chaos engineering.
  • Evidence: SKILL.md uses kubectl rollout restart. references/automation-toil.md uses systemctl restart and df. references/incident-chaos.md uses tc for latency injection and iptables via kubectl exec.
  • [COMMAND_EXECUTION]: Potential for Indirect Prompt Injection (Category 8): untrusted metadata or runtime parameters that reach the agent could be carried unchanged into the shell command strings and so alter what is executed.
  • Ingestion points: CLI arguments (sys.argv) in SKILL.md and user-defined RunbookStep objects in references/automation-toil.md.
  • Boundary markers: None present; data is directly interpolated into command strings.
  • Capability inventory: subprocess.run is used extensively across SKILL.md, references/automation-toil.md, and references/incident-chaos.md to perform file operations, network configuration, and container management.
  • Sanitization: No evidence of input validation or escaping before passing data to shell execution functions.
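The following is an added illustration for this audit note, not code from the sre-engineer skill itself: it shows the flagged pattern (a runbook step template formatted with a caller-supplied parameter and run with shell=True) next to two hardened forms, shlex.quote for the case where a shell is unavoidable, and an argv list with an allowlist check so that no shell is involved at all. The RunbookStep fields, the SERVICE_NAME pattern, the use of echo in place of systemctl, and the injected parameter value are all assumptions constructed so the example runs offline.

```python
"""Added example for the audit finding above (not the skill's own code).

Compares three ways of running a runbook step whose command takes a
caller-supplied parameter. The step uses `echo` instead of `systemctl`
so it can run anywhere without privileges; the injection payload is a
constructed value standing in for an untrusted CLI argument or field.
"""
import re
import shlex
import subprocess
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class RunbookStep:
    name: str
    command: str        # shell template, e.g. "systemctl restart {service}" (assumed shape)
    argv: List[str]     # argv template, e.g. ["systemctl", "restart", "{service}"] (assumed shape)


# Allowlist for a unit/service name: alphanumerics plus a few safe punctuation
# characters, bounded length. Anything else is rejected before execution.
SERVICE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.@-]{0,63}")


def is_safe_service(service: str) -> bool:
    """True only if the whole string matches the allowlist pattern."""
    return SERVICE_NAME.fullmatch(service) is not None


def run_shell_template(step: RunbookStep, service: str) -> str:
    """The flagged pattern: untrusted data formatted into a string given to /bin/sh."""
    cmd = step.command.format(service=service)
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_shell_quoted(step: RunbookStep, service: str) -> str:
    """Partial mitigation when a shell is unavoidable: quote the parameter so the
    shell treats it as one literal word. Metacharacters in `service` are inert."""
    cmd = step.command.format(service=shlex.quote(service))
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_template(step: RunbookStep, service: str) -> str:
    """Preferred form: validate against the allowlist, then exec an argv list with
    shell=False. The parameter is one argv element and can never become a command."""
    if not is_safe_service(service):
        raise ValueError(f"step {step.name!r}: rejected service name {service!r}")
    argv = [part.format(service=service) for part in step.argv]
    return subprocess.run(argv, shell=False, capture_output=True, text=True).stdout


# Constructed step: `echo` stands in for `systemctl restart`.
RESTART = RunbookStep(
    name="restart-service",
    command="echo restarting {service}",
    argv=["echo", "restarting", "{service}"],
)

# Constructed attacker-controlled parameter; "INJECTED" marks a second command running.
PAYLOAD = "nginx; echo INJECTED"


if __name__ == "__main__":
    print(run_shell_template(RESTART, PAYLOAD), end="")   # two lines: second one is INJECTED
    print(run_shell_quoted(RESTART, PAYLOAD), end="")     # one line, payload printed literally
    try:
        run_argv_template(RESTART, PAYLOAD)
    except ValueError as err:
        print(err)                                        # rejected before anything runs
    print(run_argv_template(RESTART, "nginx"), end="")    # "restarting nginx"
```

The allowlist check belongs in front of execution even when argv lists are used: a value such as "--help" or a path would still be passed through as an argument, and the runbook author rather than the caller should decide which values a step accepts.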
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 29, 2026, 11:29 AM