devops-troubleshooter
Pass
Audited by Gen Agent Trust Hub on Feb 19, 2026
Risk Level: SAFE
PROMPT_INJECTION, NO_CODE, COMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to indirect prompt injection through its ingestion of external system data.
  - Ingestion points: Log platforms (ELK, Loki), APM metrics, and distributed tracing (Jaeger, Zipkin) listed in the capabilities.
  - Boundary markers: Absent. There are no instructions to differentiate between telemetry data and instructions.
  - Capability inventory: Mastery of high-privilege tools such as `kubectl`, `terraform`, `ansible`, and cloud CLIs.
  - Sanitization: Absent. No evidence of content validation or escaping for external data sources.
- [Command Execution] (LOW): The skill intended for DevOps troubleshooting requires interaction with sensitive administration tools (e.g., `kubectl`, `tcpdump`, `terraform`). While these are necessary for the skill's purpose, they represent a significant capability tier that could be abused.
- [No Code] (SAFE): Analysis found no executable scripts, shell commands, or dependency configuration files; the skill consists entirely of markdown instructions.