incident
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- Indirect Prompt Injection (HIGH): This skill exhibits a dangerous combination of untrusted data ingestion and high-privilege capabilities.
  - Ingestion points: The skill reads external content through 'grep' on /var/log/app.log and 'kubectl logs'. Logs frequently contain data from user-supplied request headers, error messages, and stack traces.
  - Boundary markers: There are no delimiters or 'ignore' instructions specified to prevent the agent from obeying instructions embedded within the logs.
  - Capability inventory: The skill allows the agent to execute 'kubectl rollout undo', 'kubectl scale', and 'curl -X POST' to administrative endpoints. This allows for significant modification of production infrastructure.
  - Sanitization: No sanitization or filtering of log content is implemented.
- Command Execution (HIGH): The skill provides the agent with direct access to production-grade tools ('kubectl', 'psql', 'curl') with write access. While necessary for the stated purpose of 'incident response', the lack of human-in-the-loop checkpoints for infrastructure modification is a significant security risk.
Recommendations
- AI detected serious security threats