gitops-workflows
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Tags: REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE
Full Analysis
- Unverifiable Dependencies & Remote Code Execution (HIGH): In `references/flux-implementation.md`, the command `curl -s https://fluxcd.io/install.sh | sudo bash` downloads a script from the non-whitelisted domain `fluxcd.io` and executes it as root, with nothing pinning or verifying the content that runs. This is downgraded from CRITICAL because it is the primary installation method for the skill's core functionality.
- Unverifiable Dependencies & Remote Code Execution (MEDIUM): The skill frequently applies manifests from untrusted (non-whitelisted) GitHub repositories, which could contain malicious resource definitions. Examples include ArgoCD (`argoproj` repository), Flagger (`fluxcd` repository), and Sealed Secrets (`bitnami-labs` repository).
- Privilege Escalation (HIGH): The Flux installer script is executed with `sudo`, granting full administrative access to an unverified external resource.
- Data Exposure & Exfiltration (LOW): `references/argocd-implementation.md` provides instructions to retrieve and decode the initial ArgoCD admin password from a cluster secret. While necessary for initial setup, this involves handling a plain-text credential.
- Indirect Prompt Injection (LOW): The skill establishes an attack surface in which the agent acts on instructions and manifests fetched from external Git repositories.
  - Ingestion points: `repoURL` in ArgoCD Applications and `url` in Flux GitRepository resources across multiple reference files.
  - Boundary markers: Absent; fetched configurations are applied without delimiters or "ignore embedded instructions" headers.
  - Capability inventory: `kubectl apply`, `kubectl patch`, `flux bootstrap`, and `git push` operations.
  - Sanitization: Absent; the skill does not validate or sanitize remote manifests before applying them.
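The two HIGH findings above both stem from `curl -s https://fluxcd.io/install.sh | sudo bash`. The following is an added example, not code from the audited skill or from the Flux project, of the download, pin, inspect, then run pattern that replaces it. The pinned digest, the output path, and the `fetch_installer` helper are assumptions; the operator obtains the expected SHA-256 out of band (from the upstream's published checksums, if any) and pins it in the script.

```shell
# Added example: never pipe a remote script into a root shell. Download it to a
# file, check it against a digest pinned in this script, read it, then run it.
set -eu

# SHA-256 of a file, portable across GNU coreutils and BSD/macOS userlands.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Exit status 0 when the file matches the pinned digest, 1 otherwise.
verify_sha256() {
  actual="$(sha256_of "$1")"
  [ "$actual" = "$2" ]
}

# Download to a file (never straight into a shell), verify, and stop so the
# operator can review it before any privileged execution. Hypothetical helper.
fetch_installer() {
  url="$1"; expected="$2"; out="$3"
  curl -fsSL --proto '=https' --tlsv1.2 -o "$out" "$url"
  if ! verify_sha256 "$out" "$expected"; then
    echo "checksum mismatch for $out; refusing to keep it" >&2
    rm -f "$out"
    return 1
  fi
  echo "verified $out; review it before executing" >&2
}

# Usage (needs network; the digest is a placeholder the operator replaces):
#   fetch_installer https://fluxcd.io/install.sh "$PINNED_SHA256" ./flux-install.sh
#   less ./flux-install.sh
#   sudo bash ./flux-install.sh
```

A mismatch leaves nothing on disk, so the run-as-root step can only ever see a script whose digest was pinned by a human. Pinning the Flux CLI version in the same script is the other half of the fix, since an unversioned installer URL can serve different content on every run.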
Recommendations
- AI detected serious security threats
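The analysis records that the skill applies fetched manifests with no validation and pulls from any `repoURL` or `url` it is given. The following is an added example, not part of the audited skill, of a pre-apply policy gate that goes beyond the specific case in the audit: it checks every document for privileged pods, host mounts, host namespaces, dangerous capabilities, `cluster-admin` bindings, and Git sources outside an allowlist, and refuses to proceed on any finding. Manifests are read as JSON (which `kubectl apply -f` accepts) so the script needs only the standard library; the allowlist and the sample manifests are constructed assumptions.

```python
"""Added example: a policy gate to run on rendered manifests before kubectl apply.

Usage: python gate.py manifests.json   (a single object or a list of objects)
Exit status is non-zero when any rule fires. Run with no argument to check the
constructed SAMPLE_MANIFESTS below.
"""
import json
import sys

# Kinds whose spec embeds a PodSpec, with the key path that reaches it.
POD_SPEC_PATHS = {
    "Pod": ("spec",),
    "Deployment": ("spec", "template", "spec"),
    "DaemonSet": ("spec", "template", "spec"),
    "StatefulSet": ("spec", "template", "spec"),
    "ReplicaSet": ("spec", "template", "spec"),
    "Job": ("spec", "template", "spec"),
    "CronJob": ("spec", "jobTemplate", "spec", "template", "spec"),
}

# Linux capabilities that give a container host-level control.
DANGEROUS_CAPS = {"SYS_ADMIN", "NET_ADMIN", "SYS_PTRACE", "ALL"}

# Assumption: the only Git hosts this cluster is allowed to reconcile from.
ALLOWED_REPOS = ("https://github.com/example-org/",)


def _dig(obj, path):
    """Walk nested dicts along `path`; None if any key is missing."""
    for key in path:
        if not isinstance(obj, dict):
            return None
        obj = obj.get(key)
    return obj


def pod_spec_violations(name, spec):
    """Rules applied to a PodSpec; each finding is a human-readable string."""
    findings = []
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{name}: {flag} enabled")
    for vol in spec.get("volumes") or []:
        if "hostPath" in vol:
            findings.append(f"{name}: hostPath volume {vol['hostPath'].get('path')}")
    containers = (spec.get("containers") or []) + (spec.get("initContainers") or [])
    for c in containers:
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            findings.append(f"{name}: container {c.get('name')} is privileged")
        added = set((sc.get("capabilities") or {}).get("add") or [])
        if added & DANGEROUS_CAPS:
            findings.append(f"{name}: container {c.get('name')} adds {sorted(added & DANGEROUS_CAPS)}")
    return findings


def source_url(doc):
    """Git URL an ArgoCD Application or Flux GitRepository reconciles from."""
    kind = doc.get("kind")
    if kind == "Application":      # argoproj.io: spec.source.repoURL
        return _dig(doc, ("spec", "source", "repoURL"))
    if kind == "GitRepository":    # source.toolkit.fluxcd.io: spec.url
        return _dig(doc, ("spec", "url"))
    return None


def check_manifest(doc, allowed_repos):
    kind = doc.get("kind", "?")
    name = f"{kind}/{_dig(doc, ('metadata', 'name')) or '?'}"
    findings = []
    if kind in POD_SPEC_PATHS:
        findings += pod_spec_violations(name, _dig(doc, POD_SPEC_PATHS[kind]) or {})
    if kind == "ClusterRoleBinding" and _dig(doc, ("roleRef", "name")) == "cluster-admin":
        findings.append(f"{name}: binds cluster-admin")
    url = source_url(doc)
    if url is not None and not any(url.startswith(p) for p in allowed_repos):
        findings.append(f"{name}: source {url} is not in the allowlist")
    return findings


def check_manifests(docs, allowed_repos):
    """Check every document, flattening kubectl-style List objects."""
    findings = []
    for doc in docs:
        if doc.get("kind") == "List":
            findings += check_manifests(doc.get("items") or [], allowed_repos)
        else:
            findings += check_manifest(doc, allowed_repos)
    return findings


# Constructed sample of what an unreviewed repository might hand the agent.
SAMPLE_MANIFESTS = [
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "node-agent"},
     "spec": {"template": {"spec": {
         "hostPID": True,
         "volumes": [{"name": "sock", "hostPath": {"path": "/var/run/docker.sock"}}],
         "containers": [{"name": "agent", "image": "example/agent:1",
                         "securityContext": {"privileged": True}}]}}}},
    {"apiVersion": "source.toolkit.fluxcd.io/v1", "kind": "GitRepository",
     "metadata": {"name": "third-party"},
     "spec": {"url": "https://github.com/someone-else/manifests", "interval": "1m"}},
    {"apiVersion": "argoproj.io/v1alpha1", "kind": "Application", "metadata": {"name": "guestbook"},
     "spec": {"source": {"repoURL": "https://github.com/example-org/guestbook", "path": "."}}},
    {"apiVersion": "rbac.authorization.k8s.io/v1", "kind": "ClusterRoleBinding",
     "metadata": {"name": "wide-open"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]},
    {"apiVersion": "apps/v1", "kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "web", "image": "example/web:1", "securityContext": {"runAsNonRoot": True}}]}}}},
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            loaded = json.load(fh)
        docs = loaded if isinstance(loaded, list) else [loaded]
    else:
        docs = SAMPLE_MANIFESTS
    problems = check_manifests(docs, ALLOWED_REPOS)
    for p in problems:
        print("DENY", p)
    sys.exit(1 if problems else 0)
```

On the sample the gate denies five things: three on `node-agent` (host PID namespace, the Docker socket mount, the privileged container), the `GitRepository` whose source is off the allowlist, and the `cluster-admin` binding; the `guestbook` Application and the `web` Deployment pass. The gate is a first filter, not a substitute for admission control: keep `kubectl apply --dry-run=server` and a cluster-side policy engine in the path as well, since this script only sees what it is handed.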
Audit Metadata