debug
Pass
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes command-line tools including
kubectl,helm, andawsto query the status and configuration of the LlamaCloud environment. It includes a specific instruction to ask for user consent before executing commands likekubectl execto maintain transparency. - [CREDENTIALS_UNSAFE]: The skill accesses highly sensitive Kubernetes Secrets and configuration data, including database passwords (
postgresql-secret,mongodb-secret) and AI provider API keys (openai-api-key-secret,anthropic-api-key-secret). To mitigate risk, the instructions include a mandatory "Critical rule" to mask all secrets and run a regex sweep for credential patterns before saving any data into the finaldebug-report.md. - [PROMPT_INJECTION]: The skill processes untrusted external data such as pod logs (
kubectl logs) and system events (kubectl get events). This creates a surface for indirect prompt injection where an attacker could influence the agent by placing malicious instructions within log outputs. - Ingestion points: pod logs and cluster events in
SKILL.md(Step 2). - Boundary markers: The skill uses fenced code blocks in its output report but does not explicitly define markers when processing logs into the agent's reasoning context.
- Capability inventory: The skill can perform shell commands (
kubectl exec) and network requests (curl) during Phase 4/Step 3 diagnostics. - Sanitization: The skill enforces a mandatory secret-masking process and a strict "read-only" rule to prevent modification of the cluster environment.
Audit Metadata