helm-chart-patterns
Fail
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: HIGH
Categories: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: Hardcoded credentials found in documentation examples.
  - Evidence: The file 'references/dependencies.md' contains a hardcoded password string 'password: secret123' within a configuration example.
- [COMMAND_EXECUTION]: The skill documents and provides patterns for executing arbitrary shell commands and scripts.
  - Evidence: 'SKILL.md' contains examples for 'helm' and 'kubectl'. 'references/hooks.md' and 'references/helmfile.md' provide examples for executing 'npm run migrate', shell scripts ('backup.sh'), and 'kubectl' commands during deployment lifecycles.
- [EXTERNAL_DOWNLOADS]: The skill instructs on fetching charts, images, and tools from external repositories.
  - Evidence: Fetches configuration and charts from well-known sources such as 'charts.bitnami.com', 'docker.io', 'github.com/helmfile/helmfile', and 'kubernetes.github.io' for dependency management and image orchestration.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing external configuration data.
  - Evidence:
    - Ingestion points: 'values.yaml' and 'Chart.yaml' files are ingested and processed to render templates (found in 'SKILL.md' and 'references/chart-structure.md').
    - Boundary markers: No explicit boundary markers or instructions to ignore embedded instructions are provided.
    - Capability inventory: The skill uses 'helm' and 'kubectl' subprocesses to modify system state based on the ingested data.
    - Sanitization: The skill recommends the use of 'values.schema.json' for data validation, which partially mitigates the risk.
Recommendations
- AI detected serious security threats
Audit Metadata