Skills
skills/foxj77/claude-code-skills/k8s-security-hardening/Gen Agent Trust Hub

k8s-security-hardening

Pass

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches Kubernetes security auditing manifests from Aqua Security's official GitHub repository for CIS benchmarking.
  • [EXTERNAL_DOWNLOADS]: References the official Aqua Security container image for running security scans.
  • [COMMAND_EXECUTION]: Executes multiple kubectl and jq commands to inspect cluster configuration, audit RBAC permissions, and check for security policy violations.
  • [PROMPT_INJECTION]: Presents a surface for indirect prompt injection through the processing of cluster data.
  • Ingestion points: The skill uses kubectl get commands in SKILL.md to retrieve cluster resource definitions (Pods, RoleBindings, etc.) in JSON format for analysis.
  • Boundary markers: The provided command patterns do not include specific delimiters or instructions to the agent to ignore potentially malicious content embedded within the retrieved resource data.
  • Capability inventory: The skill includes the mcp__flux-operator-mcp__apply_kubernetes_manifest tool, allowing it to modify the cluster state based on its analysis.
  • Sanitization: There is no explicit mention of sanitizing or validating the content of the Kubernetes resources before the agent processes them.
Audit Metadata
Risk Level
SAFE
Analyzed
Feb 28, 2026, 08:58 AM