chaos-engineer
Warn
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Uses high-privilege commands including sudo to install system packages like stress-ng and modify critical system files such as /etc/hosts to simulate DNS failures.
- [COMMAND_EXECUTION]: Executes destructive infrastructure operations via the AWS CLI and boto3, including terminating EC2 instances and force-rebooting RDS database instances.
- [COMMAND_EXECUTION]: Performs cluster-level modifications in Kubernetes using kubectl and the kubernetes Python library, such as draining nodes and deleting pods or custom resources.
- [EXTERNAL_DOWNLOADS]: Fetches and applies Kubernetes manifests directly from an external URL (litmuschaos.github.io) during the setup of failure injection experiments.
- [DATA_EXFILTRATION]: Conducts network operations to external APIs (Gremlin) and queries internal monitoring services (Prometheus) using the requests library.
- [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8):
  - Ingestion points: Consumes data from Prometheus metrics and external YAML experiment definitions (e.g., in references/chaos-tools.md and references/experiment-design.md).
  - Boundary markers: Lacks delimiters or instructions to ignore embedded commands within the ingested data.
  - Capability inventory: Possesses extensive system capabilities including arbitrary command execution and cloud provider API access.
  - Sanitization: Does not implement validation or sanitization of external metrics or configuration fields before they are used in command construction.
Audit Metadata