ark-sdk-development

Warn

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: MEDIUM
Categories: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
  • [Indirect Prompt Injection] (MEDIUM): The skill describes a type generation pipeline that is vulnerable to indirect injection via malicious Kubernetes CRD definitions.
      • Ingestion points: CRD YAML files in ark/config/crd/bases/*.yaml.
      • Boundary markers: None specified in the instructions.
      • Capability inventory: Execution of make and npm build scripts, Python script execution (crd_to_openapi.py), and file system modifications (overlay copying).
      • Sanitization: No mention of validation or sanitization for the source CRD files before they are processed by generators.
  • [Command Execution] (LOW): The instructions require the agent to execute various shell commands including make, npm, and cp. While standard for local development, these represent significant capabilities that could be abused if the underlying build scripts or input data are compromised.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 16, 2026, 12:28 PM