gcp-gke-troubleshooting
Warn
Audited by Gen Agent Trust Hub on Feb 24, 2026
Risk Level: MEDIUM (DATA_EXFILTRATION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [DATA_EXFILTRATION]: The skill instructs the agent to retrieve sensitive information using commands like `kubectl get secret [NAME] -n wtr-supplier-charges -o yaml`. This action exposes the contents of Kubernetes secrets, including potentially sensitive configuration and credentials, to the agent's processing context.
- [COMMAND_EXECUTION]: The workflows utilize the Bash tool to execute high-impact commands such as `kubectl patch`, `kubectl scale`, and `gcloud projects add-iam-policy-binding`. These commands allow the agent to modify the cluster state and GCP project IAM policies.
- [COMMAND_EXECUTION]: Instructions suggest reading from local files, specifically `$(cat key.json)`, which typically contains sensitive service account keys or credentials, for use in creating Kubernetes registry secrets.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it ingests and processes untrusted data from Kubernetes logs and events.
  - Ingestion points: `kubectl logs`, `kubectl describe`, and `kubectl get events` commands in `SKILL.md` and `examples/examples.md`.
  - Boundary markers: Absent. The instructions do not define delimiters or provide warnings to the agent regarding the content of logs.
  - Capability inventory: Extensive capabilities via Bash, including `kubectl` (read/write/patch) and `gcloud` (resource and IAM management).
  - Sanitization: Absent. Logs and descriptions are displayed and analyzed without filtering.
Audit Metadata