skills/jeremylongshore/claude-code-plugins-plus-skills/instantly-incident-runbook/Gen Agent Trust Hub
instantly-incident-runbook
Fail
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE]: The skill provides commands to retrieve and decode production API keys from Kubernetes secrets via
kubectl get secret ... | base64 -d, exposing sensitive credentials to the agent's context.\n- [COMMAND_EXECUTION]: The runbook includes commands to modify production infrastructure, such as updating secrets and restarting deployments, which involve high-privilege operations.\n- [DATA_EXFILTRATION]: By outputting decoded secrets to the terminal, the skill risks exposing sensitive authentication data within the agent's execution session and history.\n- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection because it ingests and processes untrusted data from log files and external status pages without sanitization or boundary markers.\n - Ingestion points: Kubernetes logs (
kubectl logs) and external status pages (https://status.instantly.com).\n - Boundary markers: None identified.\n
- Capability inventory: Includes
kubectlandcurlaccess.\n - Sanitization: No filtering or validation of external input detected.
Recommendations
- AI detected serious security threats
Audit Metadata