debug-buttercup
Pass
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill makes extensive use of the `kubectl` command-line tool to interact with the Kubernetes cluster.
  - Evidence: The `SKILL.md` file and `scripts/diagnose.sh` script execute numerous commands including `kubectl get`, `kubectl describe`, `kubectl top`, `kubectl logs`, and `kubectl exec`.
  - Context: Specifically, `kubectl exec` is used to run diagnostic tools like `redis-cli`, `mount`, and `du` inside active containers in the `crs` namespace.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection due to its processing of untrusted data from the cluster environment.
  - Ingestion points: The agent ingests data from container logs via `kubectl logs` and from the output of commands run inside containers via `kubectl exec` (found in `SKILL.md` and `scripts/diagnose.sh`).
  - Boundary markers: No delimiters or explicit instructions are provided to the agent to distinguish between legitimate diagnostic output and potential instructions embedded within that output.
  - Capability inventory: Across the provided files, the skill demonstrates the ability to execute code in containers, read application logs, and access cluster events.
  - Sanitization: There is no evidence of logic designed to sanitize or validate the content retrieved from logs or container outputs before it is presented to the agent.
Audit Metadata