sre
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes administrative Kubernetes commands to perform diagnostics.
  - It executes `kubectl exec` to query internal Prometheus metrics via `wget` on `localhost:9090`.
  - It provides commands to modify namespace labels (`kubectl label`), including an emergency procedure to disable network policy enforcement.
  - It accesses Kubernetes configuration files stored at `~/.kube/<cluster>.yaml` for cluster authentication.
- [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing untrusted data from the cluster environment.
  - Ingestion points: Retrieves potentially untrusted content via `kubectl logs`, `kubectl get events`, and `hubble observe`.
  - Boundary markers: Does not utilize explicit delimiters or markers to isolate log or event data from the agent's instructions.
  - Capability inventory: Features administrative capabilities including resource labeling, container execution (`kubectl exec`), and Flux lifecycle management.
  - Sanitization: Does not implement sanitization or filtering for data retrieved from Kubernetes logs or event streams.
Audit Metadata