k8s-security-policies
Warn
Audited by Gen Agent Trust Hub on Mar 3, 2026
Risk Level: MEDIUM
Findings: PROMPT_INJECTION, COMMAND_EXECUTION
Full Analysis
- [PROMPT_INJECTION]: The 'Memory Protocol' section in SKILL.md uses authoritative language ('MANDATORY', 'ASSUME INTERRUPTION') to override standard agent operational constraints and force compliance with specific filesystem operations outside the skill's scope.
- [COMMAND_EXECUTION]: The documentation explicitly directs the agent to execute shell commands (cat) on absolute host paths (C:\dev\projects\agent-studio\.claude\context\memory\learnings.md), which may expose sensitive information about the user's development environment and project structure.
- [COMMAND_EXECUTION]: The 'Memory Protocol' serves as a persistence mechanism by instructing the agent to modify files on the host filesystem (issues.md, decisions.md) to maintain state across different sessions, which is a violation of typical agent isolation principles.
- [PROMPT_INJECTION]: The skill provides a surface for indirect prompt injection because it lacks boundary markers and input sanitization when using its tools to generate or edit Kubernetes manifests.
- Ingestion points: The agent ingests data from external files via the Read and Glob tools and uses templates from the assets/ directory.
- Boundary markers: Absent; there are no instructions or delimiters in SKILL.md to ensure the agent ignores potentially malicious instructions embedded in target YAML or markdown files.
- Capability inventory: The skill has access to powerful tools including Bash, Write, Edit, and Grep, which can be exploited if the agent follows instructions from an untrusted data source.
- Sanitization: Absent; the schemas/input.schema.json does not implement validation or escaping for the target or options fields, allowing unvalidated paths or configurations to be processed.
Audit Metadata