osmo-admin
Warn
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructions in
references/service-configs.mddirect the agent to "discover a local validation command when one is provided or declared in the config root" and execute it. Running arbitrary commands or scripts found within a user-supplied repository represents a dynamic execution risk where the agent might inadvertently execute malicious scripts placed in the workspace. - [PROMPT_INJECTION]: The skill processes untrusted user-provided configuration files (YAML) to determine its logic, such as resolving pod templates or resource validations. This creates an indirect prompt injection surface (Category 8c) where malicious content in these files could influence agent behavior, particularly concerning given the skill's shell and filesystem capabilities.
- [COMMAND_EXECUTION]: The skill relies on the
shelltool for repository discovery, file searching viaripgreporgrep, and git operations. While the instructions include several "Critical Gates" to prevent live cluster mutation, the capability to execute shell commands across a user-provided directory tree increases the potential impact of an injection attack.
Audit Metadata