rancher-resource-discovery
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection because it processes untrusted data from Kubernetes clusters.
- Ingestion points: Resource metadata (names, labels, descriptions) is ingested via kubernetes_get_all and kubernetes_describe in SKILL.md.
- Boundary markers: There are no explicit delimiters or instructions provided to the agent to treat discovered resource metadata as untrusted or to ignore instructions embedded within those fields.
- Capability inventory: The agent can generate tasks and launch sub-agents based on the contents of the discovered metadata, which could lead to unintended actions if a resource is named maliciously.
- Sanitization: No sanitization or validation of the cluster metadata is performed before it is interpolated into agent prompts.
Audit Metadata