k8s-resource-optimizer
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFENO_CODE
Full Analysis
- Prompt Injection (SAFE): No behavior-override or safety bypass instructions were found in the metadata or descriptions.
- Data Exposure & Exfiltration (SAFE): No hardcoded credentials, sensitive file path access, or unauthorized network operations were identified.
- Obfuscation (SAFE): No encoded content, zero-width characters, or homoglyphs were detected.
- Unverifiable Dependencies & Remote Code Execution (SAFE): The skill does not reference or download any external packages or remote scripts.
- Privilege Escalation (SAFE): No commands involving sudo, chmod, or other permission-altering operations were found.
- Persistence Mechanisms (SAFE): No attempts to establish persistence on the host system were identified.
- Metadata Poisoning (SAFE): Metadata is consistent with the stated purpose and contains no deceptive instructions.
- Indirect Prompt Injection (SAFE): 1. Ingestion points: manifest_path and usage_metrics. 2. Boundary markers: None. 3. Capability inventory: No executable scripts or subprocess calls. 4. Sanitization: Not applicable as no code is present. The skill lacks the capabilities to execute instructions potentially embedded in the input data.
- Dynamic Execution (SAFE): No runtime code generation, compilation, or unsafe deserialization patterns were detected.
- No Code (SAFE): The skill consists only of metadata and configuration, with no executable code logic provided, which inherently minimizes the attack surface.
Audit Metadata