vastai-incident-runbook

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [CREDENTIALS_UNSAFE]: The runbook includes a command to extract and decode a Kubernetes secret (vastai-secrets). The command kubectl get secret vastai-secrets -o jsonpath='{.data.api-key}' | base64 -d directly exposes sensitive API keys in plaintext within the agent's execution environment.
  • [COMMAND_EXECUTION]: The skill requires and utilizes high-privilege access to a production Kubernetes cluster via kubectl. It performs sensitive operations including secret creation (kubectl create secret), environment variable modification (kubectl set env), and deployment restarts (kubectl rollout restart).
  • [COMMAND_EXECUTION]: The skill attempts to execute a script located at ./scripts/vastai-debug-bundle.sh. Since this script is not part of the provided skill files, its logic is unverifiable and presents a risk of executing unintended or malicious code present on the host system.
  • [COMMAND_EXECUTION]: The skill is susceptible to Indirect Prompt Injection. Evidence: (1) Ingestion points: kubectl logs and curl https://api.yourapp.com/health. (2) Boundary markers: None present. (3) Capability inventory: Full kubectl access and bash execution. (4) Sanitization: No escaping or validation is performed on log or endpoint data before processing.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 01:54 PM