helm-chart-scaffolding
Pass
Audited by Gen Agent Trust Hub on Apr 14, 2026
Risk Level: SAFECOMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill includes a shell script
scripts/validate-chart.shdesigned to be executed by the agent to validate Helm chart integrity. It utilizes standard tools includinghelm,jq,grep, andawk. The script performs linting and dry-run installations, which are standard operations for the skill's stated purpose of Helm chart scaffolding. - [DATA_EXPOSURE]: The skill provides templates (
assets/values.yaml.template) and playbooks containing placeholder credentials such aspassword: changeme. These are standard practice for documentation and templates and do not represent hardcoded secrets. - [EXTERNAL_DOWNLOADS]: The skill references external Helm repositories from Bitnami (
https://charts.bitnami.com/bitnami) in its templates and documentation. Bitnami is a well-known and trusted provider of Kubernetes application packages. - [INDIRECT_PROMPT_INJECTION]: The
scripts/validate-chart.shscript represents an ingestion point for untrusted data as it processes a user-provided directory. - Ingestion points: Reads
Chart.yamlandvalues.yamlfrom the directory path provided as an argument toscripts/validate-chart.sh. - Boundary markers: The script does not implement specific delimiters for the content it reads, relying on standard
helmcommand parsing. - Capability inventory: Executes
helm lint,helm template, andhelm install --dry-runvia thescripts/validate-chart.shutility. - Sanitization: The script performs basic validation of file existence but does not sanitize the content of the YAML files before passing them to the
helmbinary.
Audit Metadata