The Agent Skills Directory

[COMMAND_EXECUTION]: The auditing scripts scripts/agent.py and scripts/process.py utilize subprocess.run() to execute kubectl commands. These calls are implemented securely using argument lists rather than raw shell strings, which effectively prevents command injection vulnerabilities.
[EXTERNAL_DOWNLOADS]: The skill documentation correctly guides users toward official and well-known industry resources, such as the Kubernetes documentation, CIS Benchmarks, and OWASP cheat sheets. It recommends installing standard security plugins via krew (the official Kubernetes plugin manager), which is a trusted practice in the domain.
[DATA_EXPOSURE]: The audit tools retrieve cluster configuration data (such as Role and RoleBinding definitions) to perform analysis. This data is handled locally within the execution environment and is not exfiltrated to external network endpoints.
[CREDENTIALS_UNSAFE]: The documentation mentions using KUBECONFIG and cluster-admin access for auditing purposes. This is a legitimate prerequisite for the stated task, and no hardcoded credentials or private keys were found within the skill's files.

implementing-rbac-hardening-for-kubernetes