gitops-cluster-debug

Pass

Audited by Gen Agent Trust Hub on Mar 15, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a legitimate tool for debugging Flux CD installations on Kubernetes clusters. It uses a restricted toolset (mcp__flux-operator-mcp__*) and defines structured analytical workflows.
  • [CREDENTIALS_UNSAFE]: The skill includes a specific security rule preventing the reading of Kubernetes Secret values, explicitly stating that the MCP server returns empty values for the data field, which mitigates risks of credential theft during debugging sessions.
  • [COMMAND_EXECUTION]: While the skill has the capability to apply Kubernetes resources to the cluster, it enforces a safety policy requiring explicit user consent before any write operations and warns against manual changes to Flux-managed resources.
  • [PROMPT_INJECTION]: The skill has a theoretical attack surface for indirect prompt injection due to the ingestion of untrusted cluster data (logs, events, resource specs). However, the risk is minimized by the skill's focus on troubleshooting and diagnostic reporting.
  • Ingestion points: Kubernetes logs, events, and resource specifications enter the agent context via the get_kubernetes_logs and get_kubernetes_resources tools (SKILL.md).
  • Boundary markers: No explicit delimiters are defined for the untrusted data read from the cluster.
  • Capability inventory: The skill possesses the capability to modify the cluster state using the apply_kubernetes_resource tool (SKILL.md).
  • Sanitization: There is no evidence of explicit sanitization or filtering of external content before it is processed by the agent.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 15, 2026, 10:32 PM