Docker & Kubernetes Orchestrator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
Findings: CREDENTIALS_UNSAFE, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [CREDENTIALS_UNSAFE] (HIGH): Hardcoded credentials detected within configuration examples. Found 'postgresql://postgres:password@db:5432/app' and 'POSTGRES_PASSWORD: password' in Docker Compose sections, as well as 'password: secret123' in Kubernetes Secret manifests.
- [COMMAND_EXECUTION] (HIGH): The skill allows the use of the Bash tool to execute system-level commands including Docker, Kubernetes, and Helm operations. This provides an attacker-controlled pathway if the agent is directed to operate on malicious repositories.
- [PROMPT_INJECTION] (HIGH): Indirect Prompt Injection surface detected. The skill processes untrusted external data (application source code, configuration files like package.json and requirements.txt) via high-privilege tools (Bash). Mandatory Evidence:
  1. Ingestion points: User-provided application files during 'docker build' and 'kubectl apply'.
  2. Boundary markers: Absent.
  3. Capability inventory: 'Bash' tool allowed for 'docker', 'kubectl', and 'helm' commands.
  4. Sanitization: Absent. The agent is not instructed to validate or sanitize file contents before execution.
Recommendations
- AI detected serious security threats