linkerd-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): Template 1 executes 'curl -sSfL https://run.linkerd.io/install | sh'. This is a confirmed piped remote execution pattern targeting 'run.linkerd.io', which is not a pre-approved Trusted External Source. Although this is the official Linkerd installer, the pattern allows for unverified code execution.
- [COMMAND_EXECUTION] (HIGH): The skill provides multiple templates for executing 'kubectl apply' and 'linkerd' CLI commands. These operations typically require cluster-admin privileges and can significantly alter a cluster's security configuration.
- [EXTERNAL_DOWNLOADS] (MEDIUM): The installation process downloads scripts and binaries from 'run.linkerd.io'. This domain is not listed in the Trusted External Sources, requiring manual verification of its integrity.
- [PROMPT_INJECTION] (LOW): The skill provides Kubernetes resource templates that are susceptible to indirect prompt injection if untrusted external data is used to populate metadata or spec fields. 1. Ingestion points: Metadata and spec fields in YAML templates within SKILL.md. 2. Boundary markers: Absent. 3. Capability inventory: High-privilege command execution via 'kubectl' and 'linkerd'. 4. Sanitization: No sanitization or validation of template values detected.
Recommendations
- HIGH: Downloads and executes remote code from: https://run.linkerd.io/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata