skills/mukul975/anthropic-cybersecurity-skills/performing-kubernetes-cis-benchmark-with-kube-bench/Snyk
performing-kubernetes-cis-benchmark-with-kube-bench
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The SKILL.md and workflows.md explicitly instruct fetching and applying content from public GitHub URLs (e.g., curl to github.com/aquasecurity/kube-bench releases and kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml), which causes the agent/operator to ingest and execute untrusted third‑party manifests/binaries that can materially influence subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's runtime/install steps fetch and execute remote code/manifests (e.g., curl -L https://github.com/aquasecurity/kube-bench/releases/download/v0.7.3/kube-bench_0.7.3_linux_amd64.tar.gz | tar xz and kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml), which are required dependencies and will execute code when applied.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit sudo commands (sudo mv ...), instructions to modify system files under /etc and /var/lib, and to run privileged pods/job manifests that require root/cluster-admin access, which all push the agent to change the host/system state and escalate privileges.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.