runbook
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses sensitive infrastructure and configuration files, such as Kubernetes manifests and Terraform scripts, to generate documentation. This involves exposing environment architecture and internal configuration details to the agent context.
- [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection by processing untrusted data from the repository to generate commands and runbook procedures.
- Ingestion points: Codebase source files, service configuration, and infrastructure manifests (Kubernetes, Terraform) as specified in the investigation strategy of
SKILL.md. - Boundary markers: Absent; there are no specific instructions or delimiters provided to the agent to prevent it from following commands or instructions embedded within the analyzed file content.
- Capability inventory: The skill uses
Read,Glob,Grep, andWritetools to interact with the filesystem. - Sanitization: No validation or sanitization is performed on the content extracted from the files before it is used to generate the runbook output.
Audit Metadata