kubernetes-saas-delivery

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE (flagged categories: EXTERNAL_DOWNLOADS, PROMPT_INJECTION, COMMAND_EXECUTION)

Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and downloads installation manifests and Helm chart configurations from official GitHub repositories belonging to well-known infrastructure providers such as ArgoCD and Kubecost.
  • [PROMPT_INJECTION]: The skill documents an automated tenant onboarding workflow in its references that constitutes an indirect prompt injection surface. This architectural pattern ingests data from external sources to programmatically create infrastructure resources.
      • Ingestion points: External tenant-supplied metadata (e.g., slugs, tiers) entering the provisioning pipeline via Signup APIs or application databases as described in 'references/tenant-onboarding-automation.md'.
      • Boundary markers: The conceptual templates do not define explicit delimiters or instructions to prevent the execution of embedded commands in tenant data.
      • Capability inventory: The identified workflow involves high-privilege operations including Git repository commits, namespace creation via 'kubectl', and secret management via 'vault' and 'aws'.
      • Sanitization: The provided pseudo-code examples do not demonstrate input validation or sanitization of tenant-controlled strings before interpolation into generated YAML manifests.
  • [COMMAND_EXECUTION]: The documentation includes templates for administrative operations involving shell commands for 'kubectl', 'aws', 'vault', and 'pg_dump' to support cluster lifecycle and maintenance tasks.

Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Apr 18, 2026, 01:40 AM