ArgoRollouts
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): The files references/cli-commands.md and references/summary.md instruct the agent to download and install binaries from https://github.com/argoproj/argo-rollouts/. Since 'argoproj' is not a predefined trusted organization, this constitutes an unverified external download that leads to execution. Evidence: 'curl -LO https://github.com/argoproj/argo-rollouts/releases/latest/download/kubectl-argo-rollouts-...'.
- [Privilege Escalation] (HIGH): The installation instructions in references/cli-commands.md and references/summary.md utilize 'sudo mv' to install the CLI tool into /usr/local/bin/, which requires elevated system privileges. Evidence: 'sudo mv kubectl-argo-rollouts-* /usr/local/bin/kubectl-argo-rollouts'.
- [Unverifiable Dependencies & Remote Code Execution] (HIGH): references/summary.md contains a command to apply a remote Kubernetes manifest directly. This allows unverified code to be executed within a cluster environment. Evidence: 'kubectl apply -n argo-rollouts -f https://github.com/argoproj/argo-rollouts/releases/latest/download/install.yaml'.
- [Indirect Prompt Injection] (LOW): The skill possesses an attack surface where it processes external, untrusted Kubernetes YAML files through commands like 'kubectl argo rollouts lint'. Mandatory Evidence Chain:
  1. Ingestion points: rollout.yaml via the lint command in references/cli-commands.md.
  2. Boundary markers: Absent.
  3. Capability inventory: System command execution, file system access, and network requests via the CLI tool.
  4. Sanitization: Absent.
Recommendations
- AI detected serious security threats
Audit Metadata