vm-lifecycle-manager
Pass
Audited by Gen Agent Trust Hub on Mar 12, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill implements a mandatory 'Human-in-the-Loop' protocol, requiring explicit user confirmation before executing any tool commands that change the power state of a virtual machine.
- [DATA_EXPOSURE_AND_EXFILTRATION]: The instructions contain clear security warnings to never display the KUBECONFIG path or credential values to the user, protecting sensitive cluster access information.
- [EXTERNAL_DOWNLOADS]: The skill references an MCP server from the 'openshift' GitHub organization (openshift/openshift-mcp-server). As this is a well-known organization, the reference is considered safe and standard for the skill's operational context.
- [COMMAND_EXECUTION]: While the skill executes commands via the vm_lifecycle tool, these are limited to predefined actions (start, stop, restart) on specific Kubernetes resources, and the workflow requires verification steps to ensure state consistency.