k8s-yaml-validator
Pass
Audited by Gen Agent Trust Hub on Mar 28, 2026
Risk Level: SAFE
Full Analysis
- [COMMAND_EXECUTION]: The skill executes local validation tools.
- It uses yamllint, kubeconform, and kubectl to analyze manifest files for errors.
- Shell scripts like detect_crd_wrapper.sh and setup_tools.sh are used to manage the local execution environment.
- [EXTERNAL_DOWNLOADS]: The skill retrieves validation schemas and dependencies from trusted sources.
- kubeconform is configured to fetch Kubernetes CRD schemas from the datreeio CRDs-catalog on GitHub.
- The detect_crd_wrapper.sh script installs the standard pyyaml library using pip into a temporary virtual environment at runtime.
- [SAFE]: The skill enforces robust security boundaries and follows parsing best practices.
- Manifest parsing is performed using yaml.safe_load to prevent malicious code execution from within YAML content.
- Instructions strictly mandate a REPORT-ONLY boundary, explicitly forbidding the agent from modifying user files or offering to apply automated fixes.
Audit Metadata