kubecon-llm-k8s

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS] (MEDIUM): The skill clones a repository from https://github.com/Eng0AI/kubecon-llm-k8s-template.git. This organization is not on the trusted list, meaning the code being pulled into the environment is unverifiable.
  • [COMMAND_EXECUTION] (MEDIUM): The instructions prompt the agent to run pnpm install immediately after cloning the untrusted repository. This presents a risk of Remote Code Execution (RCE) if the repository contains malicious lifecycle scripts (e.g., preinstall, postinstall) in its package.json file.
  • [CREDENTIALS_UNSAFE] (LOW): The skill utilizes $VERCEL_TOKEN within shell commands for deployment. While the token is not hardcoded, the agent is directed to handle sensitive credentials that could be exposed if the execution environment is compromised or if the agent logs the command output.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:11 PM