openshift-expert
Fail
Audited by Gen Agent Trust Hub on Feb 15, 2026
Risk Level: HIGH
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- Indirect Prompt Injection (HIGH): The skill is designed to process untrusted data from external sources (Prow/Jenkins job URLs, cluster logs, and must-gather data) and uses this data to drive automated analysis and command generation.
- Ingestion points: CI failure logs from Prow/Jenkins URLs, cluster events, and log files.
- Boundary markers: No boundary markers or instructions to ignore embedded commands are mentioned in the documentation.
- Capability inventory: The skill explicitly generates and encourages the execution of shell commands (oc, omc) with cluster-admin level potential (e.g., getting secrets, checking operator status).
- Sanitization: There is no evidence of sanitization or filtering of the incoming log data before it is processed by the AI.
- Command Execution (MEDIUM): The skill utilizes a local Python script (categorize-failure.py) that processes a JSON file potentially controlled by an attacker (the failure data). While the script is local, its execution on untrusted input without clear validation is a security risk.
- Data Exposure (MEDIUM): The skill's primary function is to read and interpret sensitive cluster information, including secrets, logs, and configuration data. While intended for troubleshooting, an indirect prompt injection could redirect this access to exfiltrate sensitive cluster state.
Recommendations
- AI detected serious security threats
Audit Metadata