mirrord-kafka
Pass
Audited by Gen Agent Trust Hub on Apr 29, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill utilizes kubectl commands to gather cluster context and verify the existence of required resources.
  - Evidence: SKILL.md (Step 2) uses kubectl config, get namespace, and get crd to establish context.
- [PROMPT_INJECTION]: The skill ingests data from Kubernetes resource definitions and user input, creating an indirect prompt injection surface.
  - Ingestion points: SKILL.md (Step 2 and 3) reads workload pod specs and user-provided values for namespaces and topics.
  - Boundary markers: The skill instructs the agent to treat data within <USER_INPUT> tags as opaque and non-instructional.
  - Capability inventory: The skill includes read-only cluster access (kubectl) and the generation of structured YAML/JSON configurations.
  - Sanitization: The skill enforces strict input sanitization, including validation of names via regex and the rejection of any input containing shell metacharacters.
Audit Metadata