helm
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [COMMAND_EXECUTION] (LOW): The skill enables the use of the Bash tool to execute Helm commands. While essential for the skill's functionality, this provides a broad execution surface as the agent can execute arbitrary shell commands.
- [EXTERNAL_DOWNLOADS] (LOW): The skill references the Bitnami Helm repository (https://charts.bitnami.com/bitnami) for fetching dependencies. Although Bitnami is a widely used and reputable source, it is an external repository not included in the predefined trusted list.
- [INDIRECT_PROMPT_INJECTION] (LOW): The skill is vulnerable to indirect prompt injection if the agent processes Helm charts or values files from untrusted sources (e.g., a pull request or third-party repository).
  - Ingestion points: Helm configuration files (Chart.yaml, values.yaml) and template files (templates/*.yaml) processed during deployment, linting, or rendering.
  - Boundary markers: No delimiters or safety instructions are provided to the agent to ignore instructions embedded in chart comments or values.
  - Capability inventory: The agent has access to the Bash tool (shell execution) and file manipulation tools (Read, Write, Edit, Glob).
  - Sanitization: No sanitization or validation of the contents of the Helm charts is performed before the agent interacts with them.