debug-buttercup
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [Unverifiable Dependencies & Remote Code Execution] (SAFE): The skill executes
scripts/diagnose.sh, which is a local bash script provided within the skill package. Analysis of the script shows it performs standard diagnostic read operations usingkubectland does not download or execute remote code. It referencesdeployment/collect-logs.sh, which is not provided but is described as a local log collection script.\n- [Privilege Escalation] (SAFE): The skill useskubectlto interact with the Kubernetes cluster. These operations are intended for troubleshooting thecrsnamespace and do not attempt to gain unauthorized access. The skill's functionality is limited to the permissions of thekubectlcontext provided by the user.\n- [Indirect Prompt Injection] (LOW):\n - Ingestion points:
kubectl logs,kubectl get events, and pod termination reasons fromkubectl describe pod(referenced inSKILL.mdandscripts/diagnose.sh).\n - Boundary markers: Absent; logs and event data are presented directly to the agent without delimiters or instructions to ignore embedded content.\n
- Capability inventory: The skill allows the agent to execute shell commands (
kubectl) and run local scripts.\n - Sanitization: None; the content of logs and events is not filtered or escaped before being processed by the agent.\n
- Description: Malicious data embedded in logs or Kubernetes events could potentially influence the agent's behavior. This is an inherent risk in diagnostic tools that process external system output.\n- [Data Exposure & Exfiltration] (SAFE): The skill retrieves environment variables and logs for debugging purposes. No external network operations or hardcoded credentials were detected.
Audit Metadata