devops-engineer
Pass
Audited by Gen Agent Trust Hub on Feb 23, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its core functionality of ingesting and acting upon untrusted external data.
  - Ingestion points: Reads container logs (kubectl logs), cluster resource states (kubectl get all), and observability metrics via prometheus_api_client in references/incident-response.md.
  - Boundary markers: Absent. The provided scripts and templates do not utilize delimiters or explicit instructions to ignore embedded commands within ingested logs or metrics.
  - Capability inventory: Includes powerful operational capabilities such as deployment rollbacks (kubectl rollout undo), environment variable modification (kubectl set env), scaling resources, and repository management via the gh CLI.
  - Sanitization: There is no evidence of content sanitization or validation for data retrieved from logs or external metrics before it is processed by the agent's logic.
- [COMMAND_EXECUTION]: Includes automation scripts and configuration patterns that utilize standard DevOps CLI tools including kubectl, terraform, docker, and gh. These commands are contextually appropriate for the professional role defined in the skill.
- [EXTERNAL_DOWNLOADS]: Fetches components from well-known and trusted sources, including official GitHub Actions (e.g., actions/checkout, docker/build-push-action) and container registries like ghcr.io.
- [CREDENTIALS_UNSAFE]: Demonstrates strong security posture by explicitly prohibiting the storage of secrets in code or environment files, recommending the use of dedicated secret managers (e.g., AWS Secrets Manager, Vault) and the External Secrets Operator.
Audit Metadata