k8s-platform-operations

Warn

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: MEDIUM
Findings: COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill performs high-privilege administrative operations on a Kubernetes cluster. Evidence: Usage of 'kubectl drain', 'kubectl cordon', 'kubectl rollout restart', and 'velero backup create'. Evidence: Execution of 'ssh ${NODE}' to access cluster nodes for log retrieval and status checks.
  • [CREDENTIALS_UNSAFE]: The skill accesses sensitive Kubernetes control plane certificates and keys. Evidence: The 'etcdctl snapshot save' command references '/etc/kubernetes/pki/etcd/ca.crt', '/etc/kubernetes/pki/etcd/server.crt', and '/etc/kubernetes/pki/etcd/server.key'.
  • [PROMPT_INJECTION]: The skill has a vulnerability surface for indirect prompt injection by processing untrusted data from cluster logs and events. Ingestion points: 'kubectl logs', 'kubectl get events', and 'journalctl' outputs are read into the agent context (SKILL.md, references/incident-runbooks.md). Boundary markers: No explicit delimiters or instructions to ignore embedded commands within the ingested data are defined. Capability inventory: The skill has the ability to write to the cluster (cordon, drain, restart) and execute shell commands. Sanitization: There is no evidence of sanitization or filtering of the ingested log/event content.
Audit Metadata
  • Risk Level: MEDIUM
  • Analyzed: Feb 28, 2026, 08:58 AM