The Agent Skills Directory

CREDENTIALS_UNSAFE (HIGH): The 'Secret' example manifest in SKILL.md contains hardcoded sensitive credentials including a PostgreSQL connection string with embedded credentials (postgresql://user:pass@host:5432/db) and a live Stripe-formatted API key (sk_live_abc123). Providing such examples can lead to accidental deployment of insecure or leaked credentials.
COMMAND_EXECUTION (HIGH): The skill documentation includes and facilitates the use of high-privilege kubectl commands (e.g., apply, exec, delete). While standard for Kubernetes management, these commands provide a powerful mechanism for a malicious actor to compromise a cluster if the agent is manipulated.
INDIRECT_PROMPT_INJECTION (HIGH): The skill is highly vulnerable to indirect injection due to its infrastructure modification capabilities.
Ingestion points: Untrusted user descriptions for generating Kubernetes manifests.
Boundary markers: Absent. There are no delimiters or instructions to prevent the agent from obeying commands embedded within the input data.
Capability inventory: High-privilege CLI execution via kubectl apply and kubectl exec.
Sanitization: Absent. The skill generates complex manifests from user input without validation or sanitization, allowing for the potential injection of malicious containers, sidecars, or configuration changes.

kubernetes-helper