performing-kubernetes-penetration-testing
Warn
Audited by Snyk on Mar 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly fetches and runs public third-party content (e.g., "curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash" and "kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml"), so the agent is instructed to ingest and execute untrusted GitHub-hosted resources that could alter behavior or supply executable instructions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote content — notably "curl -s https://raw.githubusercontent.com/kubescape/kubescape/master/install.sh | /bin/bash" and "kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml" — which download and run remote code/manifests and are thus high-risk external dependencies.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly instructs creating privileged pods that mount the host root (hostPath: /), chrooting into the host, accessing host/etc Kubernetes certs and secrets, and other actions that directly bypass protections and modify/compromise the host and cluster state.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.