versions-renovate
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFE, COMMAND_EXECUTION, PROMPT_INJECTION, NO_CODE
Full Analysis
- [COMMAND_EXECUTION]: The skill guides the agent to execute `task renovate:validate`. This is a standard command used to verify the syntax and correctness of Renovate configuration files and is consistent with the skill's stated administrative purpose.
- [PROMPT_INJECTION]: The skill's workflow involves processing external data, which introduces an indirect prompt injection surface.
  - Ingestion points: The agent is instructed to read and modify `kubernetes/platform/versions.env`, `.github/renovate.json5`, and Kubernetes YAML manifests.
  - Boundary markers: The instructions do not define specific delimiters or guardrails to prevent the agent from following instructions potentially embedded in these configuration files.
  - Capability inventory: The agent has the capability to perform file I/O operations and execute shell commands via the `task` runner.
  - Sanitization: No explicit validation or sanitization routines are provided for the content read from the external configuration files.
- [NO_CODE]: The skill consists exclusively of markdown documentation and YAML metadata. It does not include any executable scripts, binaries, or automated code blocks.
- [SAFE]: All external references, such as those for Helm charts and container images, point to well-known and reputable services including GitHub and the GitHub Container Registry (GHCR).
Audit Metadata