secrets-management
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill utilizes
kubectl execto interact with the OpenBao pod for initialization, unsealing, and secret management. These are standard administrative operations for Kubernetes-based secret vault management and are consistent with the skill's intended purpose. - [CREDENTIALS_UNSAFE] (SAFE): The provided examples for secret storage (e.g.,
username=myuser,password=mypassword) and placeholders (e.g.,<key1>) are generic and do not contain real credentials or sensitive keys. - [DATA_EXFILTRATION] (SAFE): No unauthorized network operations or file access patterns were identified. The skill focuses on synchronizing data within the Kubernetes cluster boundary.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill describes a surface where external data (secrets from OpenBao) is ingested and interpolated into templates. 1. Ingestion points: ExternalSecret resource in SKILL.md. 2. Boundary markers: YAML structure. 3. Capability inventory: kubectl subprocess calls in SKILL.md. 4. Sanitization: Absent. While this is an attack surface, it is a standard implementation of the External Secrets Operator and does not indicate malicious intent.
Audit Metadata