scanning-kubernetes-manifests-with-kubesec

Warn

Audited by Gen Agent Trust Hub on Apr 9, 2026

Risk Level: MEDIUM
Categories: DATA_EXFILTRATION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill implements a fallback mechanism in scripts/agent.py that automatically transmits the contents of local Kubernetes manifests to a remote HTTP endpoint (https://v2.kubesec.io/scan) if the local kubesec binary is not found. Since Kubernetes manifests often contain sensitive data like Secrets, environment variables, and private configuration, this automatic transmission to a third-party service represents a significant data exposure risk. Additionally, scripts/process.py allows sending manifest data to a user-specified URL via curl, which could be exploited to divert sensitive files to an attacker-controlled server.
  • [COMMAND_EXECUTION]: The scripts/agent.py and scripts/process.py scripts utilize subprocess.run to execute external commands, including the kubesec binary and curl, for file processing and network communication.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md file provides instructions for downloading a binary executable from a remote GitHub repository (controlplaneio/kubesec) and installing it into a system path (/usr/local/bin/). Downloading and executing binaries from external sources, especially into protected system directories, is a high-risk operation.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection because it reads untrusted Kubernetes manifest files from the local filesystem (scripts/agent.py line 31, scripts/process.py line 25) and processes them without sanitization or explicit boundary markers. These contents are then used with capabilities like command execution and network requests, creating a surface where malicious content within a manifest could attempt to influence the agent's behavior.
    • Ingestion points: scripts/agent.py (line 31), scripts/process.py (line 25)
    • Boundary markers: Absent
    • Capability inventory: subprocess.run (agent.py:34, process.py:38), requests.post (agent.py:56), curl (process.py:33)
    • Sanitization: Absent
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 9, 2026, 06:49 PM