promotion-pipeline
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses several standard command-line tools, including `kubectl`, `flux`, and `gh`, to manage and inspect deployment states. It references sensitive Kubernetes configuration files in the `~/.kube/` directory (e.g., `integration.yaml`, `live.yaml`) to switch cluster contexts.
- [PROMPT_INJECTION]: The skill contains an attack surface for indirect prompt injection by instructing the agent to ingest data from external, potentially untrusted sources.
  - Ingestion points: The agent is directed to retrieve content from GitHub Actions logs using `gh run view --log` and to inspect Kubernetes resource metadata using `kubectl describe` or `kubectl get -o yaml`.
  - Boundary markers: No specific boundary markers or instructions are provided to the agent to treat external log content or resource descriptions as data rather than instructions.
  - Capability inventory: The skill grants the agent the ability to execute system commands, modify cluster state via `flux` and `kubectl`, and interact with repository workflows.
  - Sanitization: No logic is provided to sanitize or validate the content retrieved from GitHub logs or cluster objects before the agent processes it.
Audit Metadata