k8s
Pass
Audited by Gen Agent Trust Hub on Mar 7, 2026
Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill uses `kubectl` CLI commands and Python `subprocess.run` to orchestrate containerized applications, which involves high-privilege operations within a cluster environment.
- [EXTERNAL_DOWNLOADS]: The skill instructions include examples of pulling container images from external registries, such as `nginx`, which is standard for Kubernetes operations.
- [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection.
  * Ingestion points: The agent reads and applies external YAML manifests (`deployment.yaml`, `pod.yaml`) which could contain malicious instructions.
  * Boundary markers: There are no explicit delimiters or instructions provided to distinguish between trusted commands and untrusted data within the processed files.
  * Capability inventory: The skill utilizes administrative cluster commands and arbitrary subprocess execution, providing a high-impact target for successful injection.
  * Sanitization: The documentation does not specify validation or sanitization steps for external configuration content before it is executed by the cluster management tools.
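The sanitization gap above is the one a practitioner would close first. The following is an added example, not code from the audited skill or from Gen Agent Trust Hub, of what a manifest gate in front of `subprocess.run` could look like: each parsed manifest document is checked against an allowlist of kinds and registries and a denylist of host-escape settings (privileged containers, hostPID/hostNetwork/hostIPC, hostPath volumes) before `kubectl apply` is invoked with an argv list and a server-side dry run. The manifests are treated strictly as data (never interpolated into a shell string), which is the boundary the audit says the skill lacks. The registry name `registry.internal.example`, the kind allowlist, and the two sample manifests are constructed for this example; documents are assumed to arrive already parsed, as `yaml.safe_load_all` would produce them.

```python
"""Policy gate for manifests an agent is about to hand to kubectl.

Added example; the allowlists and sample manifests are illustrative
assumptions, not the audited skill's own configuration.
"""
import json
import subprocess

ALLOWED_KINDS = {"Deployment", "Pod", "Service", "ConfigMap"}      # assumed policy
ALLOWED_REGISTRIES = ("registry.internal.example/",)              # assumed registry


def _pod_spec(doc: dict) -> dict:
    """Return the PodSpec of a Pod, or of the pod template embedded in a workload."""
    if doc.get("kind") == "Pod":
        return doc.get("spec", {}) or {}
    return ((doc.get("spec", {}) or {}).get("template", {}) or {}).get("spec", {}) or {}


def check_manifest(doc: dict) -> list[str]:
    """Return a list of policy violations; an empty list means the document may be applied."""
    problems = []
    kind = doc.get("kind")
    if kind not in ALLOWED_KINDS:
        problems.append(f"kind {kind!r} not in allowlist")
    spec = _pod_spec(doc)
    # Any of these turns a pod into a foothold on the node rather than in a sandbox.
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            problems.append(f"{flag} is set")
    for vol in spec.get("volumes", []) or []:
        if "hostPath" in vol:
            problems.append(f"volume {vol.get('name')!r} mounts hostPath")
    containers = (spec.get("initContainers", []) or []) + (spec.get("containers", []) or [])
    for c in containers:
        if (c.get("securityContext", {}) or {}).get("privileged"):
            problems.append(f"container {c.get('name')!r} is privileged")
        image = c.get("image", "") or ""
        if not image.startswith(ALLOWED_REGISTRIES):
            problems.append(f"image {image!r} not from an allowed registry")
    return problems


def kubectl_apply_argv(namespace: str, dry_run: bool = True) -> list[str]:
    """argv for kubectl apply reading the manifest from stdin: a list, never a shell string."""
    argv = ["kubectl", "apply", "--namespace", namespace, "-f", "-"]
    if dry_run:
        argv.append("--dry-run=server")   # let the API server validate before a real apply
    return argv


def gated_apply(docs: list[dict], namespace: str, run=subprocess.run):
    """Apply only if every document passes the gate.

    Returns (violations_by_index, completed_process_or_None). `run` is injectable
    so the gate can be exercised without a cluster.
    """
    violations = {i: p for i, d in enumerate(docs) if (p := check_manifest(d))}
    if violations:
        return violations, None
    # kubectl accepts JSON as well as YAML; wrap several documents in a v1 List.
    payload = json.dumps({"apiVersion": "v1", "kind": "List", "items": list(docs)})
    proc = run(kubectl_apply_argv(namespace), input=payload, text=True,
               capture_output=True, check=False)
    return violations, proc


# Constructed sample manifests (what yaml.safe_load_all would return).
GOOD_DEPLOYMENT = {
    "apiVersion": "apps/v1", "kind": "Deployment",
    "metadata": {"name": "web"},
    "spec": {"replicas": 2, "selector": {"matchLabels": {"app": "web"}},
             "template": {"metadata": {"labels": {"app": "web"}},
                          "spec": {"containers": [{"name": "web",
                                                   "image": "registry.internal.example/web/nginx:1.27"}]}}},
}
BAD_POD = {
    "apiVersion": "v1", "kind": "Pod",
    "metadata": {"name": "debug"},
    "spec": {"hostPID": True,
             "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
             "containers": [{"name": "shell", "image": "nginx",
                             "securityContext": {"privileged": True},
                             "volumeMounts": [{"name": "root", "mountPath": "/host"}]}]},
}

if __name__ == "__main__":
    for name, doc in (("good", GOOD_DEPLOYMENT), ("bad", BAD_POD)):
        print(name, check_manifest(doc) or "OK")
    try:
        print(gated_apply([GOOD_DEPLOYMENT], "demo"))
    except FileNotFoundError:
        print("kubectl not on PATH; gate logic still ran above")
```

The dry run is deliberate: a server-side `--dry-run=server` pass exercises admission control and schema validation without creating objects, so an agent can surface what a manifest would do before a second call without the flag commits it.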
Audit Metadata