write-helm-chart
Fail
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructions include a command to download and execute a shell script directly from a remote source: curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash. This fetches the official installation script from the Helm project's GitHub repository.
- [COMMAND_EXECUTION]: The skill utilizes the Bash tool to perform various operations including package installation, chart creation (helm create), and validation (helm lint). It also provides commands for managing Kubernetes resources and secrets via kubectl in the documentation examples.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8).
  - Ingestion points: The skill processes untrusted data in the form of user-provided Kubernetes manifests and configuration parameters defined in SKILL.md under the 'Inputs' section.
  - Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the processed manifests are present in the prompt templates.
  - Capability inventory: The skill has access to the Bash tool, which allows for arbitrary command execution on the host system.
  - Sanitization: There is no evidence of sanitization or validation logic to filter potentially malicious instructions embedded within the input manifests or values files before they are processed by the agent or the templating engine.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - DO NOT USE without thorough review
Audit Metadata