yq-yaml-processing
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
PROMPT_INJECTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface due to its core function of reading and processing untrusted YAML data.
  - Ingestion points: The skill reads from various external files such as deployment.yaml and workflow.yml.
  - Boundary markers: No delimiters or specific instructions are provided to prevent the agent from following directions found within the YAML content.
  - Capability inventory: The skill utilizes Bash, Write, and Edit tools which can be leveraged to modify the system based on input data.
  - Sanitization: No input validation or filtering of the processed YAML content is demonstrated.
- [COMMAND_EXECUTION]: Includes instructions for running 'yq' commands in a shell environment, installing the tool using 'sudo snap', and executing via 'docker'.
- [EXTERNAL_DOWNLOADS]: References official and well-known installation sources for the 'yq' utility, including Homebrew and GitHub repositories.