openchoreo-import

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes standard CLI tools including helm, kustomize, and node to process manifests. It also runs a provided shell script preview.sh to manage a local Node.js preview server (server.cjs) on the loopback interface (127.0.0.1).
  • [EXTERNAL_DOWNLOADS]: The skill may trigger helm dependency update, which downloads Helm chart dependencies from configured remote registries. It also references documentation on the vendor's official domain openchoreo.dev.
  • [INDIRECT_PROMPT_INJECTION]: The skill processes untrusted input in the form of local application manifests (Helm, Kustomize, Docker Compose, Kubernetes YAML).
      • Ingestion points: Rendered manifests are read and classified in SKILL.md (Step 2 and Step 3).
      • Boundary markers: Absent. The skill parses the raw output of rendering tools directly.
      • Capability inventory: Executes shell commands (helm, kustomize) and manages a local web server via preview.sh.
      • Sanitization: Absent. The agent performs analysis on the raw content of the ingested manifests.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 03:55 PM