kafka
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill relies on high-privilege kubectl and helm commands for infrastructure management. A PreToolUse hook in SKILL.md is configured to execute .claude/hooks/verify-kubectl-context.sh, but this script is not included in the skill's file list. This represents an unverifiable execution of logic with the agent's full system access.
- PROMPT_INJECTION (HIGH): The skill exposes a large Indirect Prompt Injection surface (Category 8). It provides runbooks and templates for consuming and analyzing Kafka messages and logs (e.g., debugging-runbooks.md, Makefile, and producer-consumer.py). Since the agent has kubectl exec and cluster modification capabilities, malicious instructions embedded in Kafka topics could be processed by the agent, potentially triggering unauthorized cluster operations without explicit user consent.
- EXTERNAL_DOWNLOADS (MEDIUM): The skill configures external downloads from strimzi.io (Helm charts) and maven.org (Debezium plugins). These sources are not included in the predefined list of Trusted External Sources and thus represent unverifiable third-party dependencies.
- INSECURE_CONFIGURATION (MEDIUM): The default cluster manifest in manifests/kafka-cluster.yaml exposes an external Kafka listener via nodeport without TLS encryption or authentication. This default configuration is highly insecure for production or non-isolated environments.
Recommendations
- AI detected serious security threats
Audit Metadata