iac-scan-kube-linter

Pass

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION] (SAFE): The skill executes the kube-linter command to perform its primary function of scanning infrastructure-as-code files. This is limited to the specific binary and is the intended use case.
  • [INDIRECT_PROMPT_INJECTION] (SAFE): The skill processes external Kubernetes manifests, which represent a theoretical injection surface. However, the risk is negligible because the data is processed by a specialized static analysis tool and the agent is instructed to parse structured JSON output. Evidence:
      1. Ingestion points: User-provided Kubernetes manifests or Helm charts via the kube-linter command
      2. Boundary markers: Not explicitly defined in instructions
      3. Capability inventory: Local execution of kube-linter and parsing of output
      4. Sanitization: Parsing is performed by the linter binary itself
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Feb 17, 2026, 06:43 PM