ArgocdAppInstall
Pass
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION, EXTERNAL_DOWNLOADS
Full Analysis
- [COMMAND_EXECUTION]: The skill executes several shell commands (git, kubectl, argocd, pre-commit) using variables such as and derived from user input. These strings are interpolated into commands without documented sanitization, which could lead to command injection if malicious input is provided. Evidence: `kubectl get applicationset -n argocd <service-name>` and `git add argo-cd-helm-values/kube-addons/<service-name>/` in `Workflows/CreateApplicationSet.md`.
- [COMMAND_EXECUTION]: The workflow runs `pre-commit run --all-files`, which executes hooks defined in the repository configuration. This is a potential vector for local code execution if the configuration file is untrusted. Evidence: `Workflows/CreateApplicationSet.md` and `Workflows/ValidateApplicationSet.md`.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface as it ingests user-provided metadata to generate Kubernetes manifests and execute system commands.
  - Ingestion points: Service names, chart URLs, and version strings provided by users in `Workflows/CreateApplicationSet.md`.
  - Boundary markers: None; user input is used directly in file paths and command arguments.
  - Capability inventory: File system writes (mkdir, touch), Git operations (add, commit), and Kubernetes CLI execution (kubectl, argocd).
  - Sanitization: The skill does not specify any validation or escaping of user-provided strings.
- [EXTERNAL_DOWNLOADS]: The skill communicates with a local notification service via `curl` at `http://localhost:8888/notify`. Evidence: `SKILL.md` and workflow files.
- [EXTERNAL_DOWNLOADS]: The skill references an external Git repository on Azure DevOps for configuration synchronization. Evidence: `https://hyperadevops@dev.azure.com/hyperadevops/devops-team/_git/argocd` in `ClusterInventory.md`.
Audit Metadata