helm-deploy
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill invokes sensitive Kubernetes and Helm operations such as helm_install, helm_upgrade, and helm_list through an MCP server. These actions are strictly gated by multiple 'WAIT for user confirmation' checkpoints (Steps 1, 3, 4, and 6), ensuring the user has oversight of the actual commands being executed.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface in Step 2, where it reads untrusted data from local files (e.g., Chart.yaml). This data is subsequently used to populate deployment summaries and configure Helm templates. While malicious instructions could be embedded in these files, the skill's design forces the user to review the detected project info and the final deployment summary before any execution occurs.
- [COMMAND_EXECUTION]: In Step 3, the skill dynamically generates configuration files (Chart.yaml, values.yaml, etc.) by interpolating project metadata into predefined templates. This dynamic generation is restricted to a known set of templates and requires explicit user consent before the files are written to the filesystem.
Audit Metadata