Skills
skills/meriley/claude-code-skills/helm-production-patterns/Gen Agent Trust Hub

helm-production-patterns

Warn

Audited by Gen Agent Trust Hub on Mar 29, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill directs the user to install Helm plugins from external GitHub repositories: https://github.com/jkroepke/helm-secrets and https://github.com/helm-unittest/helm-unittest.
  • [REMOTE_CODE_EXECUTION]: Installing third-party Helm plugins requires downloading and executing code from the internet.
  • [COMMAND_EXECUTION]: The skill provides numerous shell commands for using helm, kubectl, and pg_dump during the deployment lifecycle.
  • [PROMPT_INJECTION]: The Helm templates interpolate data from untrusted sources (values.yaml) into Kubernetes manifests. Ingestion: user-provided values; Boundary markers: absent; Capabilities: execution via helm/kubectl; Sanitization: absent. This vulnerability surface allows for indirect prompt injection.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 29, 2026, 07:48 AM