dynamo-troubleshoot

Pass

Audited by Gen Agent Trust Hub on Jun 18, 2026

Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill executes kubectl commands through the scripts/collect_dynamo_debug_bundle.py script to retrieve cluster metadata and logs. The script uses the subprocess.run method with a list of arguments rather than a shell string, which is a secure implementation that prevents shell command injection.- [PROMPT_INJECTION]: The skill processes untrusted data from container logs and Kubernetes events, which creates a surface for indirect prompt injection attacks. If a malicious container prints instructions to its logs, an agent reading those logs could potentially be influenced.
  • Ingestion points: Container logs and pod descriptions retrieved via kubectl in scripts/collect_dynamo_debug_bundle.py.
  • Boundary markers: Absent; the collected data is stored as plain text files.
  • Capability inventory: Command execution (kubectl) and local file system access (writing debug bundles).
  • Sanitization: The script performs regex-based redaction of secrets and credentials but does not sanitize the logs for instructional content.- [SAFE]: The skill includes robust security measures for its diagnostic functions, such as a redaction engine that targets common sensitive patterns (tokens, passwords, bearer headers, and Hugging Face keys) before data is saved. Additionally, it uses tempfile.mkdtemp to create directories with restricted (0700) permissions and adheres to a read-only operational model as documented in its instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 18, 2026, 04:34 PM
Security Audit — agent-trust-hub — dynamo-troubleshoot