helm-release-recovery
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE; flagged categories: COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform administrative tasks including 'helm rollback', 'helm uninstall', and 'kubectl delete'. These commands are high-privilege and can modify or remove cluster resources. It also instructs the agent to save Helm values to local files (e.g., 'backup-values.yaml'), which may contain sensitive credentials or configuration data in plaintext.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection or command injection because it directs the agent to interpolate user inputs directly into shell commands without explicit sanitization.
  - Ingestion points: User input for release names, namespaces, and revision numbers in SKILL.md and REFERENCE.md.
  - Boundary markers: Not present; no delimiters or ignore-instructions are used to isolate user data.
  - Capability inventory: Extensive use of the Bash tool for 'helm' and 'kubectl' operations across all files.
  - Sanitization: Not present; the instructions do not include logic for input validation or shell-escaping of parameters.