container-orchestration
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Category: PROMPT_INJECTION
Full Analysis
- Prompt Injection (LOW): The skill possesses an attack surface for indirect prompt injection (Category 8) because it interacts with external, potentially untrusted configuration data while having access to sensitive tools.
- Ingestion points: The skill triggers on and is designed to read and process external files such as Dockerfiles, docker-compose.yml, and Kubernetes manifests (SKILL.md).
- Boundary markers: There are no explicit instructions or delimiters defined to prevent the agent from following instructions embedded in the data it processes (e.g., malicious commands hidden in Dockerfile comments).
- Capability inventory: The skill is granted 'Read', 'Write', and 'Bash' tool permissions. If an attacker-influenced manifest successfully overrides the agent's behavior, these tools could be used for unauthorized actions.
- Sanitization: The provided files do not include logic for sanitizing or validating the contents of ingested configuration files before processing.
Audit Metadata