dynamo-troubleshoot
Pass
Audited by Gen Agent Trust Hub on Jun 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes
kubectlcommands through thescripts/collect_dynamo_debug_bundle.pyscript to retrieve cluster metadata and logs. The script uses thesubprocess.runmethod with a list of arguments rather than a shell string, which is a secure implementation that prevents shell command injection.- [PROMPT_INJECTION]: The skill processes untrusted data from container logs and Kubernetes events, which creates a surface for indirect prompt injection attacks. If a malicious container prints instructions to its logs, an agent reading those logs could potentially be influenced. - Ingestion points: Container logs and pod descriptions retrieved via
kubectlinscripts/collect_dynamo_debug_bundle.py. - Boundary markers: Absent; the collected data is stored as plain text files.
- Capability inventory: Command execution (
kubectl) and local file system access (writing debug bundles). - Sanitization: The script performs regex-based redaction of secrets and credentials but does not sanitize the logs for instructional content.- [SAFE]: The skill includes robust security measures for its diagnostic functions, such as a redaction engine that targets common sensitive patterns (tokens, passwords, bearer headers, and Hugging Face keys) before data is saved. Additionally, it uses
tempfile.mkdtempto create directories with restricted (0700) permissions and adheres to a read-only operational model as documented in its instructions.
Audit Metadata