openchoreo-setup

Pass

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill uses bash scripts to download version metadata and installation documentation from the openchoreo.dev domain and its associated GitHub repository. These resources are used to ensure the agent uses the most current procedures for the specified platform version.
  • [COMMAND_EXECUTION]: The playbooks instruct the agent to execute a variety of shell commands, including kubectl, helm, k3d, rdctl, and cloud provider CLIs like aws eks, to manage cluster state and install the platform.
  • [PROMPT_INJECTION]: The skill architecture presents a surface for indirect prompt injection by fetching and following remote markdown files.
      • Ingestion points: Documentation pages and indices fetched via scripts/fetch-page.sh from the vendor's website.
      • Boundary markers: Absent; the skill does not use delimiters to isolate fetched content.
      • Capability inventory: High-privilege access to Kubernetes clusters and cloud resources via CLI tools.
      • Sanitization: Absent; the remote markdown is processed directly as instructions.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: May 19, 2026, 08:25 AM