disaster-recovery-testing
Warn
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: MEDIUMCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill includes hardcoded database connection strings using placeholders like 'user:pass' in both the Kubernetes Job environment variables and the Bash script logic.
- [COMMAND_EXECUTION]: The skill relies on 'sh -c' within container definitions and 'kubectl exec' to run smoke tests and database commands inside the cluster environment.
- [EXTERNAL_DOWNLOADS]: The automation logic installs system utilities (aws-cli, kubectl, jq) at runtime using 'apk add' and retrieves database backup files from external Amazon S3 buckets.
- [PRIVILEGE_ESCALATION]: The implementation includes a 'ClusterRole' configuration granting 'create' permissions on 'pods/exec', which allows the service account to execute arbitrary commands within application pods.
Audit Metadata