k8s-yaml-validator

Pass

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill downloads Kubernetes Custom Resource Definition (CRD) schemas from a community-maintained repository on GitHub (datreeio/CRDs-catalog) during the execution of kubeconform. This is a standard practice for validating CRDs against known schemas.
  • [EXTERNAL_DOWNLOADS]: The detect_crd_wrapper.sh script may download and install the pyyaml package from PyPI into a temporary virtual environment if it is not already available on the system. PyPI is a trusted repository for Python packages.
  • [COMMAND_EXECUTION]: The skill executes several local CLI tools including yamllint, kubeconform, and kubectl. These executions are limited to validation and dry-run operations on user-provided YAML files and do not include any state-changing commands or privilege escalation.
  • [PROMPT_INJECTION]: The skill includes extensive defensive instructions ('Read-Only Boundary', 'REPORT ONLY') designed to prevent the agent from accidentally modifying user files or bypassing safety constraints. No malicious injection patterns were detected.
  • [DATA_EXFILTRATION]: While the skill interacts with a Kubernetes cluster via kubectl apply --dry-run=server, this is a standard administrative operation. No evidence was found of sensitive data being sent to unauthorized external endpoints.
  • [INDIRECT_PROMPT_INJECTION]: The skill exposes an indirect prompt injection surface because it parses and displays content from user-provided YAML files. However, it implements strong boundary instructions to treat these files as data for reporting only, and it uses safe parsing APIs (e.g., yaml.safe_load) to mitigate execution risks.
  • Ingestion points: User-provided Kubernetes YAML files (TARGET_FILE) are read by multiple tools and scripts.
  • Boundary markers: Explicit 'REPORT ONLY' and 'Read-Only Boundary' sections are present in SKILL.md to constrain agent behavior.
  • Capability inventory: The skill uses subprocess calls for validation tools but explicitly forbids the use of file-writing or editing tools.
  • Sanitization: Uses yaml.safe_load in Python scripts and specialized linters/validators for processing input data.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 4, 2026, 08:52 AM