runbook-creator
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- COMMAND_EXECUTION (HIGH): The skill provides instructions for high-impact and destructive commands. Evidence: SKILL.md contains templates for 'redis-cli FLUSHALL' (data destruction), 'kubectl rollout restart' (service disruption), and 'pg_ctl promote' (state change). These commands utilize unvalidated placeholders like [service], [host], and [namespace] which are susceptible to command injection.
- PROMPT_INJECTION (HIGH): The skill presents a high risk for Indirect Prompt Injection (Category 8). Ingestion points: The skill is designed to process external incident reports, logs, and alert metadata. Boundary markers: Absent; there are no delimiters or instructions to treat input as non-executable data. Capability inventory: The skill grants access to powerful CLI tools including kubectl, redis-cli, and curl. Sanitization: Absent; external data is directly interpolated into shell command templates without escaping or validation.
- COMMAND_EXECUTION (MEDIUM): The skill references an unverifiable local script './scripts/diagnose-service.sh' whose behavior cannot be audited.
Recommendations
- AI detected serious security threats