The Agent Skills Directory

[COMMAND_EXECUTION]: The skill includes commands for high-privilege host interaction, including container escapes using nsenter and chroot, as well as mounting host filesystems (mount /dev/sda1 /host). It also utilizes kubectl for administrative cluster operations.\n- [DATA_EXFILTRATION]: The skill provides instructions for the discovery and extraction of sensitive credentials, including cluster-wide Kubernetes secrets, service account tokens, and cloud identity tokens from AWS, GCP, and Azure Instance Metadata Services (IMDS).\n- [PROMPT_INJECTION]: The skill exhibits a surface for indirect prompt injection. 1. Ingestion points: Untrusted cluster data is ingested via kubectl get pods -A -o json in SKILL.md and attack-matrix.md. 2. Boundary markers: No delimiters or 'ignore embedded instructions' warnings are present. 3. Capability inventory: The agent has access to administrative kubectl commands, curl, and host-level execution tools like nsenter. 4. Sanitization: No evidence of escaping or validation of cluster resource content is provided before processing.\n- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the security tools 'kubescape' and 'trivy' from the official Homebrew package registry.

k8s-security-redteam