k8s-yaml-generator
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [SAFE]: No malicious patterns or behaviors were detected. The skill implements security-focused Kubernetes patterns, such as Pod Security Standards (PSS) compliance, non-root execution, and resource limits by default.
- [COMMAND_EXECUTION]: The skill uses shell commands to invoke validation tools (
kubectl,yamllint,kubeconform) on generated manifests. These commands are used for syntax and schema verification, including connectivity-aware dry-runs. - [PROMPT_INJECTION]: Identified a surface for indirect prompt injection as the skill processes user-supplied resource names, images, and configuration data. The risk is mitigated by the inclusion of mandatory validation steps and DNS-1123 resource name normalization.
- [SAFE]: RBAC examples provided in the skill follow the principle of least privilege, and higher-privilege examples (such as ClusterRoles) include prominent security warnings for the user.
Audit Metadata