ArgoCDReview
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill possesses an indirect prompt injection surface due to ingestion of untrusted data from the cluster environment.\n
- Ingestion points: The skill uses
argocd app logs(inSKILL.mdandTroubleshootSync.md) andargocd app manifests(inReviewResources.md) which retrieve potentially attacker-controlled content from the managed cluster into the agent's context.\n - Boundary markers: Absent. The documentation and workflows do not include any delimiters or instructions for the agent to ignore instructions embedded in the logs or manifests.\n
- Capability inventory: The skill provides commands with high impact on infrastructure, including
argocd app sync,argocd app rollback, andargocd app set(found inRollbackApp.mdandTroubleshootSync.md).\n - Sanitization: Absent. There is no mechanism described for sanitizing or validating the retrieved data before processing.\n- [Command Execution] (SAFE): The commands provided for
argocdandkubectlare standard for the tool's intended use case. No obfuscation, persistence mechanisms, or unauthorized privilege escalation attempts were found.
Audit Metadata