sealos-canvas

Pass

Audited by Gen Agent Trust Hub on Jun 15, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [DYNAMIC_EXECUTION]: The script scripts/generate-canvas.mjs executes kubectl using node:child_process to retrieve live cluster information. The tool uses the --insecure-skip-tls-verify flag during these calls, which bypasses certificate validation for the Kubernetes API.
  • [DATA_EXPOSURE_AND_EXFILTRATION]: The skill reads the user's Kubernetes configuration file at ~/.sealos/kubeconfig to facilitate resource discovery. It also scans and reads the contents of various repository files, such as tailwind.config.js and package.json, to extract theme settings and project metadata.
  • [INDIRECT_PROMPT_INJECTION]: The skill reads and processes untrusted data from the Kubernetes API and local repository files, which are then rendered into a local UI and returned to the agent context.
      • Ingestion points: .sealos/state.json, ~/.sealos/kubeconfig, kubectl output (JSON and go-template formats), and local repository files including tailwind.config.js, package.json, and CSS files.
      • Boundary markers: None identified; data is interpolated directly into the HTML template and the JSON output returned to the agent.
      • Capability inventory: Subprocess execution of kubectl via execFileSync, file system writes to create the local UI cache in .sealos/canvas/, and node:http server instantiation for the local viewer.
      • Sanitization: The script implements escapeHtml for UI elements and applies JSON-safe escaping for model data in the script and template JS.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 15, 2026, 03:35 AM