k8s-cost
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- PROMPT_INJECTION (HIGH): The skill is vulnerable to Indirect Prompt Injection because it processes data from external, potentially untrusted sources (Kubernetes cluster metadata).
- Ingestion points: The skill reads resource names, labels, and metrics via tools like
get_pod_metrics,get_resource_usage, andget_services(referenced inSKILL.mdandscripts/find-overprovisioned.py). - Boundary markers: Absent. There are no instructions to the agent to ignore or sanitize embedded instructions within the resource names or labels it retrieves.
- Capability inventory: The skill possesses high-impact write capabilities, including deleting PersistentVolumeClaims (PVCs) and scaling deployments.
- Sanitization: Absent. Data retrieved from the cluster is used to drive decision-making and report generation without validation against injection patterns.
- COMMAND_EXECUTION (MEDIUM): The skill encourages automated or semi-automated destructive operations on production infrastructure.
- Evidence:
SKILL.mdlists "Find and delete unused PVCs" as its highest priority (Priority 1). If the analysis script or the tool output is influenced by an attacker (e.g., by creating pods that make legitimate PVCs appear orphaned), the agent may delete critical data storage.
Recommendations
- AI detected serious security threats
Audit Metadata