gitops

Warn

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The file assets/gitops-patterns.yaml references https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml for use with kubectl apply. Since the argoproj organization is not within the defined trust scope, this is considered an unverified external source. The severity is set to MEDIUM as this is a standard configuration pattern for the relevant tool and is part of the skill's primary purpose.
  • COMMAND_EXECUTION (LOW): The script scripts/sync_check.sh utilizes a positional argument $1 within an argocd command, creating an indirect prompt injection surface.
      • Ingestion points: Positional parameter $1 in scripts/sync_check.sh.
      • Boundary markers: None present.
      • Capability inventory: Execution of argocd app list and argocd app get commands in scripts/sync_check.sh.
      • Sanitization: None; input is passed directly to the command line, though it is double-quoted.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 17, 2026, 06:33 PM