gitops-apply

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUM
CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • [CREDENTIALS_UNSAFE]: The bootstrap documentation in references/BOOTSTRAP-WORKFLOW.md provides commands to programmatically retrieve and decode the initial administrative password for ArgoCD from a Kubernetes secret. This exposes sensitive credentials in the agent's execution context.
  • [EXTERNAL_DOWNLOADS]: The bootstrap scripts in references/BOOTSTRAP-WORKFLOW.md download and apply Kubernetes manifests directly from the Argo Project GitHub repository. This involves the runtime execution of configuration from a remote source.
  • [COMMAND_EXECUTION]: The skill involves the extensive use of powerful administrative CLI tools including kubectl, git, argocd, and flux to perform cluster mutations and repository management tasks.
  • [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection through the ingestion and processing of untrusted user input for manifest modifications.
      • Ingestion points: User-provided requests for scaling, image updates, or configuration changes processed in references/WORKFLOW-STEPS.md.
      • Boundary markers: Absent; there are no clear delimiters to separate user data from instructions.
      • Capability inventory: kubectl apply, git commit, argocd sync, and flux reconcile found in SKILL.md and referenced documentation.
      • Sanitization: Absent; the skill lacks automated validation or sanitization of user-provided values before they are applied to Kubernetes manifests.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Mar 29, 2026, 07:48 AM