oke-troubleshooter

Pass

Audited by Gen Agent Trust Hub on Jun 27, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill automates diagnostic data collection using kubectl and oci CLI tools, alongside a suite of local helper scripts (e.g., oke-discover.sh). These operations are primarily read-only during the evidence-gathering phase.
  • [PROMPT_INJECTION]: The skill ingests user-provided symptom descriptions and resource names (cluster IDs, namespaces) which are interpolated into shell commands.
  • Ingestion points: Found in $ARGUMENTS in SKILL.md and through interactive prompts for cluster and resource identifiers.
  • Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when interpolating these values into shell command strings.
  • Capability inventory: The skill has the capability to execute several local shell scripts and interact with cloud/cluster APIs via authenticated CLI tools across all diagnostic files.
  • Sanitization: The instructions do not specify explicit sanitization, escaping, or validation of user-provided strings before they are executed in a shell context.
  • [COMMAND_EXECUTION]: The node-doctor diagnostic flow involves high-privilege operations, including kubectl debug, chroot /host, and sudo. The skill includes a strong safeguard by classifying these as disruptive and requiring explicit user confirmation before each execution instance.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 27, 2026, 10:47 AM
Security Audit — agent-trust-hub — oke-troubleshooter