helm-generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFEPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill runs local shell scripts (
scripts/generate_chart_structure.shandscripts/generate_standard_helpers.sh) to scaffold project directories. These scripts are safe as they are bundled with the skill and implement regex-based validation for user-provided parameters like the chart name and service ports.\n- [PROMPT_INJECTION]: Indirect Prompt Injection Surface. The skill is designed to process user requirements and external documentation (via WebSearch/MCP) to generate Kubernetes resource templates. \n - Ingestion points: User requirement gathering (Stage 1) and external documentation lookup (Stage 2) in
SKILL.md.\n - Boundary markers: The skill provides a set of trusted static reference files in the
references/directory, which the agent is required to read before template generation to ensure adherence to established patterns.\n - Capability inventory: Execution of local bash scripts and the ability to create/write files in the local environment.\n
- Sanitization: The scaffolding scripts validate inputs against naming standards (DNS-1123) and numeric ranges for ports, reducing the risk of malicious command injection via generated variables.
Audit Metadata