clay-incident-runbook
Fail
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to retrieve and decode Kubernetes secrets containing sensitive API keys using
kubectl get secret clay-secrets -o jsonpath='{.data.api-key}' | base64 -d. This exposes raw credentials in the process output. - [COMMAND_EXECUTION]: The skill executes powerful administrative commands that modify the state of the production cluster, including updating secrets (
kubectl apply), changing deployment environment variables (kubectl set env), and triggering service restarts (kubectl rollout restart). - [EXTERNAL_DOWNLOADS]: The skill attempts to execute a script located at
./scripts/clay-debug-bundle.sh. This file was not provided in the skill package, making its behavior unverifiable and potentially dangerous if it performs unauthorized network or file operations. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests untrusted data from external sources, specifically application logs via
kubectl logsand health check responses viacurl. These data streams are processed without sanitization or clear boundary markers, allowing potential attackers to influence agent behavior through log-embedded instructions.
Recommendations
- AI detected serious security threats
Audit Metadata