kubernetes
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill has an inherent attack surface for indirect prompt injection because its primary function involves processing untrusted external data in the form of Kubernetes manifests and Helm charts, which could contain malicious instructions intended to influence the agent's behavior.
- Ingestion points: External data enters the context through user requests for generating, reviewing, or architecting Kubernetes resources as described in SKILL.md.
- Boundary markers: The skill includes an 'AI Self-Check' list and a set of 'Rules' in SKILL.md that serve as internal guardrails for the agent.
- Capability inventory: The skill is equipped to use powerful command-line utilities including kubectl, helm, cosign, and checkov (specified in SKILL.md).
- Sanitization: The instructions mandate several validation and scanning steps, such as helm lint, kubectl apply --dry-run, and security audits using tools like checkov and kube-score (Workflow section in SKILL.md).
- [SAFE]: The skill promotes advanced security practices, such as pinning container images to SHA256 digests and GitHub Actions to specific commit SHAs, to mitigate supply chain risks.
- [SAFE]: Reference manifest templates are consistently hardened, featuring read-only filesystems, non-root user configurations, and explicit resource requests and limits.
Audit Metadata