performing-kubernetes-cis-benchmark-with-kube-bench

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). The SKILL.md workflow instructs fetching and applying remote files (e.g., curl from github.com/releases and kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml) so the agent's run/apply/log steps will ingest and act on public third-party content from GitHub URLs which could materially influence tool execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly tells the agent to use sudo to move binaries and includes instructions to modify system files (e.g., /etc/kubernetes/manifests, /var/lib/kubelet/config.yaml) and run privileged pods or require cluster-admin/node access, which require elevated privileges and can change the host/system state.