troubleshooting-kubernetes
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill is vulnerable to instructions embedded in the data it processes.
  - Ingestion points: The skill reads external content through kubectl logs, kubectl describe, and kubectl get events (Workflow and Symptom sections).
  - Boundary markers: Absent. There are no instructions to the agent to distinguish between its own logic and instructions that might be found in logs.
  - Capability inventory: The skill executes modifying commands like kubectl set resources, kubectl rollout undo, and kubectl delete (Interactive Fix and Anti-Pattern sections).
  - Sanitization: Absent. No filtering or escaping is applied to the data retrieved from the cluster before it is used to determine actions.
- [Command Execution] (HIGH): The skill provides a high-privilege interface to Kubernetes. Even with user confirmation steps, the risk of the agent suggesting or executing harmful commands based on manipulated or misinterpreted cluster state is substantial.
Recommendations
- AI detected serious security threats