eks
Fail
Audited by Gen Agent Trust Hub on Feb 28, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: User-provided configuration values (e.g., domain names, cluster names, regions) are interpolated directly into shell commands like 'dig', 'aws eks', and 'eksctl' without validation or sanitization, creating a risk of command injection. The skill also performs privilege escalation by using 'sudo' and 'chmod +x' on dynamically generated scripts.
- [CREDENTIALS_UNSAFE]: The skill instructs the agent to solicit Phase Enterprise license keys directly in the chat and programmatically retrieves and decodes sensitive database and Redis passwords from Kubernetes secrets to provision managed AWS services.
- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface by processing untrusted user data within a high-capability environment.
  - Ingestion points: Phase 2 user configuration questions in SKILL.md.
  - Boundary markers: Absent.
  - Capability inventory: Subprocess execution ('eksctl', 'kubectl', 'helm', 'aws'), file-write operations, and network diagnostics.
  - Sanitization: Absent.
- [EXTERNAL_DOWNLOADS]: The skill downloads binaries and configurations from well-known technology providers, including 'eksctl' from GitHub and cert-manager manifests.
- [REMOTE_CODE_EXECUTION]: The skill executes remote code by piping installation scripts from external URLs (e.g., Helm) directly to the shell and by running dynamically generated Python code via heredocs to derive SES SMTP passwords.
Recommendations
- AI detected serious security threats
Audit Metadata