multitenant-up
Pass
Audited by Gen Agent Trust Hub on May 16, 2026
Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes various shell commands to manage local infrastructure, such as `just run-multitenant-local` for building/deploying and `kubectl` for port-forwarding and process management.
- [DATA_EXFILTRATION]: Extracts an administrative API token by reading logs from a running container (`kubectl logs`). While intended for user setup, this involves the agent accessing and displaying sensitive live credentials.
- [COMMAND_EXECUTION]: Uses `kubectl exec` to retrieve a server certificate from within a container and writes it to a temporary file on the host (`/tmp/duckgres-server.crt`).
- [PROMPT_INJECTION]: The skill has an attack surface for indirect prompt injection because it ingests and processes unvalidated data from service logs. A compromised service could output logs containing instructions designed to influence the agent's behavior.
  - Ingestion points: Output of `kubectl logs` in SKILL.md
  - Boundary markers: Absent
  - Capability inventory: `kubectl`, `just`, `pkill`, and filesystem write operations
  - Sanitization: None present
Audit Metadata