managing-infra
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [Data Exposure & Exfiltration] (HIGH): File KUBERNETES.md contains a hardcoded credential in a database connection string example (postgres://user:pass@host/db). According to the security guidelines, embedded credentials in connection strings are classified as high severity.
- [Indirect Prompt Injection] (HIGH): The skill is designed to process and apply infrastructure manifests using high-privilege tools like Bash and kubectl. It lacks defined boundary markers or sanitization logic when ingesting potentially untrusted data (e.g., from pull request reviews or external repositories), making it vulnerable to malicious instructions embedded in manifests.
  - Ingestion points: KUBERNETES.md, TERRAFORM.md, and external configuration files processed by the agent.
  - Boundary markers: Absent in provided templates.
  - Capability inventory: Bash, kubectl, Read, Grep, Glob.
  - Sanitization: No sanitization or validation of manifest content is demonstrated.
- [Unverifiable Dependencies] (MEDIUM): In templates/ci.yml, the golangci/golangci-lint-action is configured to use version: latest. This is a mutable reference that poses a supply chain risk, which contradicts the security best practices (SHA pinning) recommended in the skill's own GITHUB-ACTIONS.md file.
Recommendations
- AI detected serious security threats
Audit Metadata