skills/ionfury/homelab/k8s/Gen Agent Trust Hub

k8s

Pass

Audited by Gen Agent Trust Hub on Feb 25, 2026

Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill makes extensive use of the kubectl and flux command-line interfaces to manage system resources and cluster state. It also utilizes wget and curl to interact with internal service APIs.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because it processes untrusted data from the cluster environment.
      • Ingestion points: Untrusted data enters the context through kubectl logs, kubectl get events, and flux get commands as described in SKILL.md.
      • Boundary markers: No explicit delimiters or instructions are provided to the agent to ignore embedded commands within the fetched data.
      • Capability inventory: The skill has access to shell execution, cluster authentication secrets, and internal network tools (curl, wget).
      • Sanitization: No validation or sanitization is performed on the output of cluster commands before processing.
  • [DATA_EXFILTRATION]: The skill accesses sensitive cluster credentials stored in the local file system at ~/.kube/dev.yaml, ~/.kube/integration.yaml, and ~/.kube/live.yaml to establish connectivity.
  • [SAFE]: The skill provides references to well-known technology documentation sites, such as grafana.github.io and prometheus-io, for researching service configurations.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 25, 2026, 03:02 PM