Skills
skills/kikobeats/skills/k8s-hpa-cost-tuning/Gen Agent Trust Hub

k8s-hpa-cost-tuning

Pass

Audited by Gen Agent Trust Hub on Mar 5, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to run kubectl commands and local Node.js scripts to analyze cluster state and performance metrics.
  • [EXTERNAL_DOWNLOADS]: The utility scripts query Datadog's API endpoints to fetch metrics. These network requests target a well-known service for legitimate monitoring purposes.
  • [PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection (Category 8) due to the ingestion of untrusted data and the availability of sensitive capabilities.
  • Ingestion points: The agent processes input from command-line arguments (cluster, namespace, and deployment names) and is designed to analyze production logs and HPA events.
  • Boundary markers: The skill does not implement delimiters or specific instructions to prevent the agent from being influenced by malicious content embedded within the processed logs or metrics.
  • Capability inventory: The agent has the ability to execute shell commands, perform outbound network requests via fetch, and write files to the local disk.
  • Sanitization: Input arguments are used directly in the construction of Datadog queries and file paths without rigorous validation or escaping.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 5, 2026, 12:46 AM