eg-service-mesh

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE | COMMAND_EXECUTION | EXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill generates numerous shell commands for cluster assessment and management.
      • Uses kubectl to inspect namespaces, daemonsets, and GatewayClasses.
      • Uses istioctl and cilium CLI tools to verify mesh status.
      • Executes kubectl label to modify namespace metadata for sidecar injection or ambient mode enrollment.
      • Accesses Kubernetes secrets (istio-ca-secret) to export CA certificates for mTLS configuration, which is a standard procedure for establishing trust in service mesh environments.
  • [EXTERNAL_DOWNLOADS]: Facilitates the installation of Envoy Gateway using Helm.
      • References the official OCI registry: oci://docker.io/envoyproxy/gateway-helm.
      • Pins the version to v1.7.0 as a best practice for infrastructure stability.
  • [DATA_EXPOSURE]: Includes logic to read the Istio root CA certificate from a secret. This data is handled locally within the user's cluster context to create a ConfigMap for BackendTLSPolicy, which is necessary for secure cross-service communication.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Mar 14, 2026, 08:46 PM