k8s-certs
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH
EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (HIGH): The skill instructs the user/agent to execute `kubectl apply -f https://github.com/cert-manager/cert-manager/releases/latest/download/cert-manager.yaml`. This is a remote execution vector equivalent to piping a remote script to a shell.
  - Evidence: Found in the 'Prerequisites' section of SKILL.md.
  - Trust Status: The source `cert-manager/cert-manager` is not included in the provided Trusted External Sources list, making this an untrusted remote execution finding.
- COMMAND_EXECUTION (HIGH): The skill provides the `kubectl_apply` tool which can execute arbitrary manifests on the Kubernetes cluster. This is a high-privilege operation that can be used to modify cluster configuration, create backdoors, or escalate privileges.
- Indirect Prompt Injection (HIGH): The skill possesses a high-privilege write capability (`kubectl_apply`) and processes external content (manifests constructed from user instructions).
  - Ingestion points: `kubectl_apply(manifest=...)` in SKILL.md.
  - Boundary markers: Absent. The skill uses raw string interpolation for manifests without delimiters or instruction-bypass protection.
  - Capability inventory: `kubectl_apply` (cluster-wide write), `certmanager_*` (cluster-wide read).
  - Sanitization: None detected. The skill directly translates natural language requests into executable Kubernetes manifests.
Recommendations
- AI detected serious security threats
Audit Metadata