network-policy
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses standard cluster management tools for its operations.
- Evidence: Executes 'kubectl' and 'hubble' commands to manage policies and observe traffic.
- [COMMAND_EXECUTION]: Includes a privileged procedure to disable network enforcement.
- Evidence: The command 'kubectl label namespace network-policy.homelab/enforcement=disabled' allows bypassing policies but is mitigated by documented monitoring alerts.
- [PROMPT_INJECTION]: The skill processes namespace names and configuration labels, creating a surface for indirect injection.
- Ingestion points: Ingests namespace names and labels from user inputs or environment data.
- Boundary markers: No explicit delimiters or 'ignore embedded instructions' warnings are present.
- Capability inventory: Performs subprocess calls via 'kubectl' and 'hubble'.
- Sanitization: No sanitization or validation of the input strings is explicitly provided in the templates.
Audit Metadata