k8s-manifest-security-auditor
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: No malicious behavior or security vulnerabilities were identified in the skill instructions or scripts.
- [COMMAND_EXECUTION]: The script 'scripts/main.py' performs local analysis and does not use shell commands or external processes.
- [EXTERNAL_DOWNLOADS]: The skill requires 'PyYAML', which is a standard and well-known dependency for YAML processing.
- [SAFE]: Indirect prompt injection surface analysis: 1. Ingestion points: 'manifests_yaml' and 'manifest_path' in 'scripts/main.py'. 2. Boundary markers: Analysis results are returned in a structured JSON format. 3. Capability inventory: No network, shell execution, or unsafe file-write capabilities are present. 4. Sanitization: The script uses 'yaml.safe_load_all' to prevent execution during the parsing of manifests.
Audit Metadata