kubecon-llm-k8s

Warn

Audited by Gen Agent Trust Hub on Feb 21, 2026

Risk Level: MEDIUM
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill clones a repository from https://github.com/Eng0AI/kubecon-llm-k8s-template.git. This source is not verified or trusted, so it could introduce malicious scripts or configurations into the environment.
  • REMOTE_CODE_EXECUTION (MEDIUM): The skill instructs the agent to run pnpm install and pnpm dev immediately after cloning the untrusted repository. This pattern allows the external code to execute its own scripts (e.g., via npm lifecycle hooks) with the same privileges as the agent.
  • COMMAND_EXECUTION (LOW): The skill utilizes several shell commands including git, mv, rm, and deployment CLI tools (vercel, netlify). These provide a broad attack surface when combined with untrusted external content.
  • CREDENTIALS_UNSAFE (LOW): The deployment commands utilize the $VERCEL_TOKEN environment variable. While no secrets are hardcoded, the execution of untrusted code from the cloned repository creates a pathway for this token to be intercepted or exfiltrated during the build or deployment process.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 21, 2026, 02:25 PM