eg-webapp

Pass

Audited by Gen Agent Trust Hub on Mar 14, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is designed to generate standard Kubernetes manifests for Envoy Gateway resources. It correctly prioritizes security-first configurations such as HTTP-to-HTTPS redirection and the use of SecurityPolicies for authentication.
  • [SAFE]: The workflow follows a logical and modular structure, delegating tasks to specific Envoy Gateway sub-skills for TLS, routing, and authentication.
  • [SAFE]: The skill demonstrates good security hygiene by directing users to store sensitive OIDC credentials within Kubernetes Secrets rather than embedding them directly in manifest output.
  • [SAFE]: An analysis of indirect prompt injection surfaces shows that while the skill ingests user input (hostnames, service names, and URLs) for manifest generation, it does not possess high-privilege autonomous capabilities that could be exploited via injection.
  • Ingestion points: SKILL.md (Intake Interview section questions regarding hostname, backend services, and authentication providers).
  • Boundary markers: Not explicitly defined in the manifest templates.
  • Capability inventory: SKILL.md (Workflow phases 1-6 describe the generation of Kubernetes resource YAMLs for Gateway, HTTPRoute, and SecurityPolicy).
  • Sanitization: The skill provides templates with placeholder TODOs for user-specific values, encouraging manual review of the generated manifests.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 14, 2026, 08:46 PM