gitops
Pass
Audited by Gen Agent Trust Hub on Feb 25, 2026
Risk Level: SAFEPROMPT_INJECTION
Full Analysis
- [PROMPT_INJECTION]: The skill is subject to indirect prompt injection due to its core function of processing external configuration files.
- Ingestion points: Manifests and configuration files located in
argocd/,kubernetes/,tofu/, andansible/directories. - Boundary markers: No delimiters or specific instructions are included to prevent the agent from obeying instructions embedded within the processed YAML or HCL files.
- Capability inventory: The skill has the capability to execute subprocesses for
kubectl,helm,terraform,ansible,bun, and repository-local shell scripts. - Sanitization: There is no evidence of content sanitization or instruction-filtering for the data read from the repository files before it is processed by the agent's capabilities.
Audit Metadata