skills/run-llama/helm-charts/debug/Gen Agent Trust Hub

debug

Pass

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: SAFECOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes command-line tools including kubectl, helm, and aws to query the status and configuration of the LlamaCloud environment. It includes a specific instruction to ask for user consent before executing commands like kubectl exec to maintain transparency.
  • [CREDENTIALS_UNSAFE]: The skill accesses highly sensitive Kubernetes Secrets and configuration data, including database passwords (postgresql-secret, mongodb-secret) and AI provider API keys (openai-api-key-secret, anthropic-api-key-secret). To mitigate risk, the instructions include a mandatory "Critical rule" to mask all secrets and run a regex sweep for credential patterns before saving any data into the final debug-report.md.
  • [PROMPT_INJECTION]: The skill processes untrusted external data such as pod logs (kubectl logs) and system events (kubectl get events). This creates a surface for indirect prompt injection where an attacker could influence the agent by placing malicious instructions within log outputs.
  • Ingestion points: pod logs and cluster events in SKILL.md (Step 2).
  • Boundary markers: The skill uses fenced code blocks in its output report but does not explicitly define markers when processing logs into the agent's reasoning context.
  • Capability inventory: The skill can perform shell commands (kubectl exec) and network requests (curl) during Phase 4/Step 3 diagnostics.
  • Sanitization: The skill enforces a mandatory secret-masking process and a strict "read-only" rule to prevent modification of the cluster environment.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 24, 2026, 09:35 PM
Security Audit — agent-trust-hub — debug