cloud-architect
Fail
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- COMMAND_EXECUTION (HIGH): In scripts/validate-helm.sh, input variables (CHART_PATH, VALUES_FILE, KUBE_VERSION) are interpolated into command strings which are then executed via subshell expansion $(...). This allows an attacker to execute arbitrary shell commands by providing arguments containing shell metacharacters such as semicolons or backticks. Evidence: LINT_OUTPUT=$($LINT_CMD 2>&1 || true).
- EXTERNAL_DOWNLOADS (LOW): The scripts invoke helm dependency build and terraform init, which are configured to download external dependencies (Helm charts and Terraform providers). This is standard behavior but relies on the security of the remote repositories defined in the configuration files.
- PROMPT_INJECTION (LOW): Indirect Prompt Injection Risk. (1) Ingestion points: Local directories and files processed via CHART_PATH and TF_DIR arguments. (2) Boundary markers: Absent; files are processed without isolation. (3) Capability inventory: Subprocess execution of helm and terraform, filesystem reads via grep. (4) Sanitization: Absent; no validation is performed on inputs or file contents before they are used in shell commands.
Recommendations
- AI detected serious security threats
Audit Metadata