write-docs
Pass
Audited by Gen Agent Trust Hub on Mar 11, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches an ingress controller manifest from the official kubernetes/ingress-nginx GitHub repository.
- [COMMAND_EXECUTION]: Uses kind, kubectl, docker, npm, and helm to manage a local testing environment. These actions are consistent with the skill's primary objective.
- [REMOTE_CODE_EXECUTION]: Applies remote manifests via kubectl. This operation targets a verified resource from a trusted organization.
- [PROMPT_INJECTION]: Identified a surface for indirect prompt injection.
- Ingestion points: The agent receives and processes untrusted output from the user's MCP client interactions in Step 4.
- Boundary markers: Absent. No delimiters or specific instructions are present to prevent the model from obeying instructions hidden within the tool output.
- Capability inventory: The agent has access to the bash tool for executing shell commands and the edit tool for modifying files.
- Sanitization: Absent. The data provided by the user is directly integrated into the documentation content without validation or escaping.
Audit Metadata