Skills
skills/joelhooks/joelclaw/k8s/Gen Agent Trust Hub

k8s

Pass

Audited by Gen Agent Trust Hub on Mar 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill requires executing high-privilege commands to manage the infrastructure, including using ssh to access the Colima VM, sudo for host-level kernel modules and service management, and kubectl exec for container interaction.
  • [EXTERNAL_DOWNLOADS]: Fetches Kubernetes manifests and Helm charts from external sources, including Rancher's GitHub repository for the local-path-provisioner and official Kubernetes-sigs repositories for metrics-server. It also utilizes Helm repositories from LiveKit and Nerkho.
  • [PROMPT_INJECTION]: The 'Agent Runner' feature introduces a surface for indirect prompt injection by accepting and executing tasks provided via base64-encoded metadata (TASK_PROMPT_B64).
  • Ingestion points: Request metadata fields including TASK_PROMPT_B64 and VERIFICATION_COMMANDS_B64 in the SKILL.md Agent Runner section.
  • Boundary markers: No specific delimiters or safety instructions are defined to separate task data from agent instructions.
  • Capability inventory: Extensive capabilities including cluster-wide kubectl access, docker operations, and ssh access to the host VM (references/operations.md).
  • Sanitization: The skill relies on base64 encoding for transport but does not specify validation or sanitization of the decoded task content.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 8, 2026, 05:43 PM