Create HC AWS
Pass
Audited by Gen Agent Trust Hub on Jun 6, 2026
Risk Level: SAFEDATA_EXFILTRATIONCOMMAND_EXECUTION
Full Analysis
- [DATA_EXFILTRATION]: The skill references and utilizes local sensitive configuration files, including AWS credentials ($AWS_CREDENTIALS), OpenShift pull secrets ($PULL_SECRET), and management cluster kubeconfigs ($MGMT_KUBECONFIG). This access is a requirement for the skill's primary function of provisioning and managing cloud resources and container clusters.
- [COMMAND_EXECUTION]: The skill instructs the agent to execute a local binary (./bin/hypershift) and the kubectl CLI to interact with the AWS and Kubernetes APIs. These operations are standard for the intended administrative tasks.
- [PROMPT_INJECTION]: An indirect prompt injection surface exists as the skill interpolates user-provided placeholders, such as <CLUSTER_NAME>, into shell commands.
- Ingestion points: User-provided cluster names and custom image tags in SKILL.md.
- Boundary markers: Absent; placeholders are directly interpolated into bash commands.
- Capability inventory: Subprocess execution of ./bin/hypershift and kubectl in SKILL.md.
- Sanitization: No explicit sanitization or validation of the cluster name is described in the skill instructions.
Audit Metadata