k8s-query
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [PROMPT_INJECTION] (HIGH): The skill is vulnerable to Indirect Prompt Injection through the processing of Kubernetes logs, events, and resource descriptions.
  - Ingestion points: Untrusted data enters the agent context via `kubectl logs`, `kubectl get events`, and `kubectl describe` as seen in `SKILL.md` and `references/COMMANDS.md`.
  - Boundary markers: None detected. There are no instructions or delimiters defined to prevent the agent from interpreting content within logs or events as new commands.
  - Capability inventory: The skill involves extensive shell command execution (`kubectl`) and file system writes to `/tmp` as described in `SKILL.md`.
  - Sanitization: None detected. The skill does not provide mechanisms to sanitize or filter out potential escape sequences or hidden instructions in the ingested data.
- [COMMAND_EXECUTION] (LOW): The skill's primary function is to provide a set of shell commands for the agent to execute. While these are standard `kubectl` commands, they grant the agent significant visibility and potential influence over the Kubernetes environment.
Recommendations
- AI detected serious security threats
Audit Metadata