s2i-build

Pass

Audited by Gen Agent Trust Hub on Mar 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses Kubernetes MCP to perform administrative tasks such as creating Namespaces, ImageStreams, and BuildConfigs. While these are high-privilege operations, the skill mandates user confirmation (Steps 1, 3, 4, 5, 6) before any resource is created or modified.
  • [DATA_EXFILTRATION]: Accesses the local .git/config file to extract repository URLs. This data is handled within the OpenShift/Kubernetes context for building images and is not exfiltrated to unauthorized external domains.
  • [PROMPT_INJECTION]: The skill processes untrusted external data, making it a surface for indirect prompt injection.
      1. Ingestion points: Reads repository metadata from .git/config and streams build outputs via pod_logs.
      2. Boundary markers: Uses code blocks and --- delimiters for logs.
      3. Capability inventory: Uses resources_create_or_update to create cluster infrastructure.
      4. Sanitization: No specific sanitization or filtering of log content is described.
    Risk is mitigated by mandatory human-in-the-loop confirmations before executing capabilities.
Audit Metadata
Risk Level: SAFE
Analyzed: Mar 12, 2026, 04:04 PM