Container Orchestration
Pass
Audited by Gen Agent Trust Hub on Mar 4, 2026
Risk Level: SAFE
PROMPT_INJECTION
COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection attacks because it handles untrusted data that influences agent actions.
- Ingestion points: The skill consumes user-provided application details and environment configurations to generate Kubernetes manifests and execute management commands (e.g., in the 'Example' section).
- Boundary markers: None. The skill does not use delimiters or specific instructions to prevent the agent from following directions potentially embedded in the data it processes.
- Capability inventory: The skill utilizes the Bash tool for kubectl operations and the Write tool for creating manifest files, which could be exploited if an attacker injects malicious YAML or command arguments.
- Sanitization: There is no evidence of input validation, escaping, or sanitization logic to ensure user-supplied data doesn't contain malicious instructions or shell escapes.
- [COMMAND_EXECUTION]: The skill relies on the execution of shell commands to perform its primary function of container orchestration.
- Evidence: The skill defines several kubectl operations (apply, get, logs, scale, create secret) intended for execution via the Bash tool.
Audit Metadata