cert-manager-setup
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTIONNO_CODE
Full Analysis
- Prompt Injection (HIGH): The skill exposes a significant vulnerability surface for indirect prompt injection by granting powerful capabilities without associated safety constraints.
- Ingestion points: Processes untrusted requests and data related to certificate management and infrastructure setup (SKILL.md).
- Boundary markers: No delimiters (e.g., XML tags or triple quotes) or specific instructions to ignore embedded commands are present in the skill definition.
- Capability inventory: The skill explicitly enables high-risk tools: 'Bash', 'Write', 'Edit', 'Read', and 'Grep'.
- Sanitization: There is no evidence of input validation, filtering, or escaping logic to handle potentially malicious payloads within the processed user content.
- Command Execution (HIGH): The inclusion of the 'Bash' tool allows the agent to execute arbitrary system-level commands. Without safety boundaries, an attacker could use indirect prompt injection to trigger malicious shell operations.
- No Code (INFO): The analyzed file is a metadata manifest (SKILL.md) containing no executable scripts, which prevents the detection of static malicious patterns but highlights the risk inherent in the defined capability profile.
Recommendations
- AI detected serious security threats
Audit Metadata