Trust Assessment
k8s-backup received a trust score of 86/100, placing it in the Mostly Trusted category. This skill has passed most security checks with only minor considerations noted.
SkillShield's automated analysis identified 1 finding: 0 critical, 1 high, 0 medium, and 0 low severity. Key findings include `kubectl_apply` tool allows arbitrary Kubernetes manifest application.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| HIGH | `kubectl_apply` tool allows arbitrary Kubernetes manifest application The `kubectl_apply` tool, as demonstrated in the skill, takes a `manifest` parameter which can be used to apply arbitrary Kubernetes YAML. If an AI agent constructs this manifest based on untrusted user input, it creates a direct **COMMAND INJECTION** vulnerability, allowing an attacker to create, modify, or delete any Kubernetes resource the agent has permissions for. This also represents **EXCESSIVE PERMISSIONS** as it grants broad control over the cluster beyond specific Velero operations. Implement strict input validation and sanitization for the `manifest` parameter. Consider using more granular, Velero-specific tools instead of a generic `kubectl_apply` for common operations, or restrict the types of resources that can be applied. If `kubectl_apply` is absolutely necessary, ensure the LLM's output for the `manifest` is thoroughly reviewed and validated against a strict schema before execution. | LLM | SKILL.md:109 |
Scan History
Embed Code
[](https://skillshield.io/report/fb9c7fed6c2363bc)
Powered by SkillShield