kargo-skill
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: CRITICALREMOTE_CODE_EXECUTIONCREDENTIALS_UNSAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- Remote Code Execution (CRITICAL): Automated scan confirmed a piped remote execution pattern using
curl -L https://raw.githubusercontent.com/akuity/kargo/main/hack/quickstart/install.sh | sh. The source organization 'akuity' is not in the trusted list, making this a confirmed critical risk. - Data Exposure (HIGH): The expressions engine exposes a
secret()function inreferences/expressions.mdthat allows reading sensitive Kubernetes Secrets (e.g.,${{ secret("my-secret").apiKey }}), facilitating credential exposure. - Command Execution (MEDIUM): The documentation includes
unsafeQuote()and regexmatchescapabilities which can be misused to construct malicious payloads for downstream command execution. - Indirect Prompt Injection (LOW): The skill lacks sanitization for untrusted data entry points such as
varsandctx.metawhich are interpolated into expressions. Capability inventory includes Kubernetes secret access and HTTP operations. No boundary markers or sanitization logic are documented.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/akuity/kargo/main/hack/quickstart/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata