exa-load-scale
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (SAFE): The skill leverages
k6andkubectlvia Bash to perform load tests and manage Kubernetes scaling. These operations are core to the skill's primary purpose and are constrained by wildcard patterns in the allowed-tools configuration. - [PRIVILEGE_ESCALATION] (LOW): The documentation provides an example command
sudo apt install k6for Linux installation. While this involves elevated privileges, it is a standard setup procedure for the required testing tool. - [CREDENTIALS_UNSAFE] (SAFE): No hardcoded secrets were detected. The skill correctly references
EXA_API_KEYthrough environment variables in both shell scripts and application code. - [INDIRECT_PROMPT_INJECTION] (LOW):
- Ingestion points: System metrics are processed by the
estimateExaCapacityfunction in SKILL.md. - Boundary markers: None present to distinguish between trusted and untrusted metric data.
- Capability inventory: The skill has the capability to modify infrastructure via
kubectlbased on analyzed metrics. - Sanitization: No validation or sanitization is performed on the metric values before they are used to generate scaling recommendations.
Audit Metadata