linkerd-patterns
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION] (HIGH): The skill contains a command template that pipes a remote script from
https://run.linkerd.io/installdirectly tosh. This is a high-risk pattern for executing unverified code from the internet. The severity is lowered from CRITICAL to HIGH because the command is the official installation method for the primary subject of the skill (Linkerd). - [COMMAND_EXECUTION] (MEDIUM): The skill provides numerous commands like
kubectl applyandlinkerd installwhich perform high-privilege operations on Kubernetes clusters. These are inherent to the skill's purpose but pose a risk if misused. - [EXTERNAL_DOWNLOADS] (LOW): The skill references and downloads assets from
run.linkerd.io, which is an external source not included in the trusted domains list. - [PROMPT_INJECTION] (LOW): The instructions reference an external file
resources/implementation-playbook.mdas an ingestion point, creating a surface for indirect prompt injection. Evidence: 1. Ingestion point:resources/implementation-playbook.md. 2. Boundary markers: Absent. 3. Capability inventory: High-privilege shell commands (kubectl,linkerd). 4. Sanitization: Absent.
Recommendations
- HIGH: Downloads and executes remote code from: https://run.linkerd.io/install - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata