setup-local-kubernetes
Pass
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, REMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill fetches installation binaries and components from official and trusted domains, including kind.sigs.k8s.io, storage.googleapis.com (for Skaffold and Minikube), and dl.k8s.io (for kubectl).
- [REMOTE_CODE_EXECUTION]: Installation scripts for k3d and Tilt are sourced from their official GitHub repositories (k3d-io and tilt-dev) and executed via piped bash commands. These are recognized services within the Kubernetes ecosystem, and this represents their standard installation method.
- [COMMAND_EXECUTION]: The skill uses 'sudo' for administrative tasks such as moving binaries into the system path (/usr/local/bin) and updating /etc/hosts for local ingress resolution. These actions are expected and appropriate for the skill's primary purpose of local tool installation.
- [COMMAND_EXECUTION]: The configuration for the metrics-server includes the '--kubelet-insecure-tls' flag to disable TLS verification. While this is a security bypass, it is the standard configuration required for monitoring to function correctly in local developer clusters.
- [CREDENTIALS_UNSAFE]: Example manifests for local development databases (PostgreSQL) contain hardcoded default credentials like 'devpassword'. These are clearly marked for local development use and do not involve sensitive production data.