The Agent Skills Directory

[COMMAND_EXECUTION]: The Python scripts scripts/agent.py and scripts/process.py utilize the subprocess module to execute kubectl commands. This functionality is intended for gathering cluster configuration data (namespaces and pods) to perform security audits.
[EXTERNAL_DOWNLOADS]: The workflow documentation in references/workflows.md includes instructions to download and execute the Kubescape installation script from its official GitHub repository. Kubescape is a well-known security tool, and this download is part of a standard security assessment workflow.
[PROMPT_INJECTION]: The auditing scripts have an indirect prompt injection surface because they ingest metadata directly from the Kubernetes environment (such as resource names and labels) which are externally controlled.
Ingestion points: Cluster metadata is ingested via kubectl output in scripts/agent.py and scripts/process.py.
Boundary markers: No explicit delimiters are used to isolate ingested data from the audit report logic.
Capability inventory: The scripts are limited to read-only cluster auditing and local report generation; no dangerous operations are performed based on the contents of the ingested metadata.
Sanitization: The scripts parse JSON data but do not sanitize individual metadata strings before including them in the generated audit report.

implementing-kubernetes-pod-security-standards