configmap-secret
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [DATA_EXFILTRATION] (HIGH): The skill documentation includes a command that directly reads a sensitive local file path:
kubectl create secret generic my-secret --from-file=ssh-privatekey=~/.ssh/id_rsa. According to security protocols, accessing paths like~/.ssh/id_rsais classified as high-severity data exposure even without a corresponding network transmission. - [CREDENTIALS_UNSAFE] (MEDIUM): The skill contains hardcoded credentials in both plain text and Base64 format (e.g.,
password=secret123,YWRtaW4=,c2VjcmV0MTIz). While these appear to be intended as placeholders for tutorial purposes, they represent a risk if used in production or if an agent adopts them as literal values.
Recommendations
- AI detected serious security threats
Audit Metadata