gitops-cluster-debug
Pass
Audited by Gen Agent Trust Hub on Mar 16, 2026
Risk Level: SAFE (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its interaction with untrusted cluster data.
- Ingestion points: The agent reads live data from the cluster via get_kubernetes_resources (status, events, annotations) and get_kubernetes_logs (pod stdout/stderr).
- Boundary markers: The instructions do not define clear delimiters or specific warnings to ignore instructions embedded within the data retrieved from the cluster.
- Capability inventory: The skill allows the agent to modify cluster state using the apply_kubernetes_resource tool and change active environments via set_kubeconfig_context.
- Sanitization: There is no mention of filtering or sanitizing the content of logs or resource metadata before processing.
- [COMMAND_EXECUTION]: The skill provides the agent with powerful tools to manage a Kubernetes cluster. While necessary for the debugging use case, the ability to apply arbitrary YAML manifests (apply_kubernetes_resource) and switch contexts (set_kubeconfig_context) represents a high-privilege interface that could be abused if the agent's logic is subverted.