upgrading-chart
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- EXTERNAL_DOWNLOADS (LOW): The skill downloads Helm charts from the Bitnami repository using
helm pull. While Bitnami is a reputable source, it is not included in the predefined trusted organizations list. This finding is downgraded to LOW as it is essential for the skill's primary function. - COMMAND_EXECUTION (LOW): The skill executes multiple shell commands (
helm,git,docker compose) to validate and apply upgrades. It runshelm lintandhelm templateon downloaded third-party content, which processes external template logic. This is downgraded to LOW per the primary skill purpose rule. - PROMPT_INJECTION (LOW): The skill exhibits an indirect prompt injection surface (Category 8) by processing data from external GitHub repositories.
- Ingestion points: Steps in
chart-upgrade-process.mdandimage-upgrade-process.mdinvolve reading Bitnami's CHANGELOGs and Dockerfiles on GitHub. - Boundary markers: Absent. The agent is instructed to read external content and extract specific values without clear delimiters or instructions to ignore embedded text.
- Capability inventory: Subprocess execution (
helm,docker), repository-wide file writing, and modification of CI/CD workflows in.github/workflows/. - Sanitization: The skill implements a version compatibility check to block major version jumps, but it does not sanitize or filter the content of the external documentation it reads.
Audit Metadata