devops-engineer
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill contains numerous scripts designed to execute high-privilege system commands. For example, `references/incident-response.md` includes `collect-evidence.sh` and `game-day` scripts that use `kubectl`, `tcpdump`, and `slack-cli`. `references/platform-engineering.md` provides `create-service.sh` which executes `gh` and `git` commands to modify repositories.
- [PROMPT_INJECTION]: The skill is susceptible to Indirect Prompt Injection (Category 8) due to its operational model.
  - Ingestion points: `references/incident-response.md` contains the `collect-evidence.sh` script which ingests pod logs, cluster state (YAML), and database activity. `references/platform-engineering.md` includes a FastAPI-based Platform API that processes `ServiceRequest` objects from external users.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands are present when processing ingested logs or metadata.
  - Capability inventory: The skill possesses extensive capabilities across all reference files, including subprocess execution of `kubectl`, `terraform`, `docker`, and `gh` commands, as well as the ability to patch Kubernetes deployments via Python scripts (`IncidentRemediator`).
  - Sanitization: The provided automation templates do not include explicit sanitization or validation logic for external content before it is processed or used in decision-making workflows.
Audit Metadata