helm-debugging
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is designed to ingest and process outputs from various Kubernetes and Helm commands, which creates a surface for indirect prompt injection. Malicious or malformed data within a cluster (such as pod logs, event messages, or helm values) could potentially influence the agent's logic if interpreted as instructions.
  - Ingestion points: Data enters the agent's context through tools like `helm get manifest`, `helm get values`, `kubectl logs`, and `kubectl get events` (referenced in `SKILL.md` and `REFERENCE.md`).
  - Boundary markers: The instructions do not specify the use of delimiters or 'ignore' warnings when the agent parses these external outputs.
  - Capability inventory: The skill allows the use of the `Bash` tool, providing the agent with the ability to execute commands on the host or cluster based on its interpretation of the data.
  - Sanitization: There is no evidence of sanitization, schema validation, or escaping of the retrieved content before it is processed by the LLM.
Audit Metadata