oke-troubleshooter
Pass
Audited by Gen Agent Trust Hub on Jun 27, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill automates diagnostic data collection using
kubectlandociCLI tools, alongside a suite of local helper scripts (e.g.,oke-discover.sh). These operations are primarily read-only during the evidence-gathering phase. - [PROMPT_INJECTION]: The skill ingests user-provided symptom descriptions and resource names (cluster IDs, namespaces) which are interpolated into shell commands.
- Ingestion points: Found in
$ARGUMENTSinSKILL.mdand through interactive prompts for cluster and resource identifiers. - Boundary markers: No specific delimiters or "ignore embedded instructions" warnings are used when interpolating these values into shell command strings.
- Capability inventory: The skill has the capability to execute several local shell scripts and interact with cloud/cluster APIs via authenticated CLI tools across all diagnostic files.
- Sanitization: The instructions do not specify explicit sanitization, escaping, or validation of user-provided strings before they are executed in a shell context.
- [COMMAND_EXECUTION]: The
node-doctordiagnostic flow involves high-privilege operations, includingkubectl debug,chroot /host, andsudo. The skill includes a strong safeguard by classifying these as disruptive and requiring explicit user confirmation before each execution instance.
Audit Metadata