minikube-setup
Warn
Audited by Gen Agent Trust Hub on Feb 21, 2026
Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [COMMAND_EXECUTION] (MEDIUM): The skill executes high-privilege commands using `sudo` to install binaries to `/usr/local/bin` and to modify the system `/etc/hosts` file. These operations are essential for the skill's primary purpose of local Kubernetes orchestration but represent a significant privilege level.
- [EXTERNAL_DOWNLOADS] (LOW): Binaries are retrieved from `storage.googleapis.com` and `github.com`. These are trusted sources for Kubernetes-related tooling, resulting in a downgraded severity for the download activity itself.
- [REMOTE_CODE_EXECUTION] (MEDIUM): The skill provides and executes local shell scripts (e.g., `scripts/validate.sh`) and complex multi-line examples via the allowed `Bash` tool. This involves executing provided logic that interacts with the system state.
- [DYNAMIC_EXECUTION] (MEDIUM): The skill utilizes `eval $(minikube docker-env)`, which dynamically reconfigures the current shell session's environment variables to point to the Minikube Docker daemon.
- [INDIRECT_PROMPT_INJECTION] (LOW): The workflow ingests external data from the local file system, such as Kubernetes manifests and Dockerfiles, which could be manipulated by an attacker to influence the agent's behavior.
  - Ingestion points: Files in `k8s/`, `./frontend`, and `./backend` directories.
  - Boundary markers: Absent.
  - Capability inventory: Subprocess execution via `Bash`, `kubectl`, and `docker` tools.
  - Sanitization: Absent; the skill directly applies manifests and builds images from these paths.
Audit Metadata