kubernetes-flux

Fail

Audited by Gen Agent Trust Hub on Mar 6, 2026

Risk Level: HIGH (EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The documentation in SKILL.md provides instructions to download and execute an installation script from https://fluxcd.io/install.sh. This is an official source for the FluxCD tool.
  • [COMMAND_EXECUTION]: The skill enables the execution of Kubernetes management commands through kubectl and flux. This includes high-privilege operations such as kubectl exec, which allows the agent to run arbitrary commands inside containerized environments.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection via untrusted data retrieved from the cluster.
      • Ingestion points: Data enters the agent context through commands like kubectl logs, kubectl get events, and flux get all as described in SKILL.md and implemented in scripts/main.cjs.
      • Boundary markers: No specific delimiters or instructions to ignore embedded commands are present in the scripts or system prompts.
      • Capability inventory: The skill possesses the Bash tool and utilizes child_process.spawn in scripts/main.cjs to run CLI tools. It supports kubectl exec for remote command execution within pods.
      • Sanitization: There is no evidence of sanitization, filtering, or validation of the retrieved log data or event messages before they are processed by the agent.
Recommendations
  • HIGH: Downloads and executes remote code from: https://fluxcd.io/install.sh - DO NOT USE without thorough review
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Mar 6, 2026, 09:21 AM