argocd-gitops
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
- [EXTERNAL_DOWNLOADS / REMOTE_CODE_EXECUTION] (HIGH): The installation instructions command the agent to apply a remote manifest directly to the cluster: kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
  - Evidence: The URL belongs to 'argoproj'. While a legitimate project, 'argoproj' is not on the Trusted GitHub Organizations list. Piping or directly applying remote content to a cluster is a high-risk pattern.
- [CREDENTIALS_UNSAFE] (MEDIUM): The skill provides commands that explicitly extract and display sensitive administrative credentials in the shell/agent context.
  - Evidence: kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d in SKILL.md. This exposes the initial admin password directly to the agent's output/logs.
- [INDIRECT PROMPT INJECTION] (HIGH): The skill creates a high-privilege bridge between external, untrusted Git repositories and the internal Kubernetes cluster state.
  - Ingestion points: repoURL fields in Application and ApplicationSet resources target external repositories (e.g., https://github.com/org/myapp-manifests.git).
  - Boundary markers: Absent. There is no instruction to the agent to validate the source or contents of the repositories before configuration.
  - Capability inventory: High. The skill uses the kubectl and argocd CLIs to modify cluster state, create namespaces, and deploy applications.
  - Sanitization: Absent. The agent is instructed to automate deployments directly from the specified paths.
- [COMMAND_EXECUTION] (MEDIUM): The skill requires the agent to run powerful CLI tools (kubectl, argocd) with cluster-admin level impact, including port-forwarding and credential management.
Recommendations
- AI detected serious security threats
Audit Metadata