cel-k8s
Pass
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: SAFE
Full Analysis
- SAFE (SAFE): The analyzed files are Kubernetes YAML manifests for ValidatingAdmissionPolicy and ValidatingAdmissionPolicyBinding resources. These resources are security controls by design, used to validate other Kubernetes objects against defined rules.
- Indirect Prompt Injection (LOW): As a security policy, this skill processes untrusted input in the form of Kubernetes resource specifications (e.g., Pod or Deployment manifests) submitted by users.
  - Ingestion points: Kubernetes API requests for resource creation or update are evaluated against the CEL expressions in the policies.
  - Boundary markers: The policies use CEL (Common Expression Language) to define strict validation logic, acting as the boundary themselves.
  - Capability inventory: The policies can Deny, Audit, or Warn about non-compliant resources. They do not perform network operations or execute arbitrary shell commands.
  - Sanitization: The skill's primary purpose is sanitization and validation of the Kubernetes API surface area.
- NO_CODE (SAFE): No executable scripts (Python, Node.js, Shell), remote downloads, or obfuscated content were detected in the files.