gitops-workflow
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION] (CRITICAL): The skill installs the Flux CLI by piping a script from `https://fluxcd.io/install.sh` directly into `sudo bash`. This untrusted remote execution vector allows for arbitrary system compromise.
- [PROMPT_INJECTION] (HIGH): Vulnerable to Indirect Prompt Injection (Category 8) because it pulls and applies configurations from external Git repositories. Evidence: Ingestion points in `SKILL.md` (GitRepository/Application specs); Capability inventory includes full cluster control via `kubectl` and `argocd`; No boundary markers or manifest sanitization are present.
- [COMMAND_EXECUTION] (HIGH): Extensive use of administrative tools (`kubectl`, `argocd`, `flux`) for cluster management and credential retrieval.
- [EXTERNAL_DOWNLOADS] (MEDIUM): Automatically applies Kubernetes manifests from `https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml`, which is not a verified trusted source.
- [CREDENTIALS_UNSAFE] (HIGH): Provides commands to extract and decode sensitive administrative credentials (`argocd-initial-admin-secret`) to the local terminal shell.
Recommendations
- AI detected serious security threats
Audit Metadata