Skills
skills/hainamchung/agent-assistant/kubernetes-specialist/Gen Agent Trust Hub

kubernetes-specialist

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADS
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill explicitly recommends and provides commands for executing remote scripts directly from the internet using the dangerous curl | sh pattern in references/service-mesh.md for both Istio and Linkerd installations.
  • COMMAND_EXECUTION (MEDIUM): Documentation in references/storage.md and references/workloads.md provides templates for high-privilege operations, including privileged: true security contexts and hostPath volume mounts, which can be leveraged for container escape and host system compromise.
  • EXTERNAL_DOWNLOADS (LOW): The skill references external YAML manifests from unverified GitHub repositories (e.g., istio/istio samples) for installing dashboard components like Kiali and Jaeger in references/service-mesh.md.
  • CREDENTIALS_UNSAFE (LOW): Reference files (references/configuration.md) contain hardcoded dummy credentials, API key patterns (e.g., sk-1234...), and private key headers. While these appear to be placeholders for documentation purposes, they provide a template that encourages hardcoding sensitive data in YAML manifests.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 17, 2026, 06:44 PM