Skills
skills/rohitg00/kubectl-mcp-server/k8s-autoscaling/Gen Agent Trust Hub

k8s-autoscaling

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGHCREDENTIALS_UNSAFECOMMAND_EXECUTION
Full Analysis
  • [CREDENTIALS_UNSAFE] (HIGH): Hardcoded credential pattern detected in example configuration file.
  • Evidence: Found amqp://user:pass@rabbitmq.default.svc:5672 in KEDA-TRIGGERS.md. While used in an example, such patterns can be mistakenly applied to production environments or leak placeholder formats.
  • [COMMAND_EXECUTION] (HIGH): High-privilege capability to modify Kubernetes cluster state via manifest application (Category 8: Indirect Prompt Injection surface).
  • Ingestion points: The skill processes YAML definitions provided in the documentation and examples (e.g., hpa-cpu.yaml, keda-scaledobject.yaml).
  • Boundary markers: None identified. There are no explicit instructions to the agent to validate or sanitize the content of the YAML before application.
  • Capability inventory: The tool kubectl_apply is used in SKILL.md to commit arbitrary resource definitions to the cluster.
  • Sanitization: Absent. The agent is encouraged to 'apply and verify' without manual validation steps.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Feb 16, 2026, 07:26 AM