kubernetes

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection, as it processes data from potentially untrusted sources (e.g., namespace or pod names) and uses them as arguments in scripts without sufficient boundary markers or sanitization.
  • Ingestion points: Arguments provided to the helper scripts in the scripts/ directory and command placeholders in SKILL.md.
  • Boundary markers: Absent; there are no delimiters to separate trusted instructions from untrusted external data.
  • Capability inventory: The skill has high-privilege access to cluster management tools such as kubectl and oc, which can modify or delete cluster resources.
  • Sanitization: Absent; input is directly interpolated into command strings.
  • [COMMAND_EXECUTION]: The helper scripts, such as security-audit.sh and argocd-app-sync.sh, are vulnerable to command and argument injection. They expand variables like $NS_FLAG or $APP directly into shell commands or within partially quoted strings. This could allow an attacker to execute arbitrary commands or manipulate flags by providing input that includes shell metacharacters or closing quotes.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 03:02 PM