bobo-skill
Pass
Audited by Gen Agent Trust Hub on Apr 7, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script
scripts/generate_bobo.pyto generate the Kubernetes YAML manifests. This is a standard functional component of the skill's design. - [DATA_EXPOSURE_AND_EXFILTRATION]: The skill references a container image located at
quay.io/cooloo9871/bobo:latest. This image is hosted on a well-known container registry and belongs to the skill's author, posing no unexpected security risk. - [INDIRECT_PROMPT_INJECTION]: The skill processes user-supplied data (image name and replica count) to populate a configuration template.
- Ingestion points: Parameters are passed from the user's prompt to the
generate_bobo.pyscript viaSKILL.mdinstructions. - Boundary markers: Not present; the skill relies on the agent to correctly pass the requested values.
- Capability inventory: The associated script only performs string formatting and prints to the console; it lacks system-level capabilities such as file writing, network access, or command execution beyond the generation itself.
- Sanitization: Input is interpolated directly into the template string without specific sanitization, but given the lack of dangerous capabilities, the risk is negligible.
Audit Metadata