cluster-update-advisor
Pass
Audited by Gen Agent Trust Hub on May 14, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill exhibits a surface for Indirect Prompt Injection.\n
- Ingestion points: The skill ingests 'Cluster Readiness Data' (JSON) directly from the proposal request context as described in SKILL.md.\n
- Boundary markers: It uses markdown code blocks (```json) to delimit the data, which provides some structural separation but does not prevent instructions embedded within the JSON values from influencing the agent's reasoning.\n
- Capability inventory: The skill can trigger secondary operations like querying
prometheusfor metrics, searchingjirafor bugs, and calling theproduct-lifecycleAPI, all of which could be influenced by parameters derived from the injected data.\n - Sanitization: There is no mention of sanitizing, escaping, or validating the JSON content to ensure it contains only telemetry data and not natural language instructions intended to bypass constraints.
Audit Metadata