k8s-incident
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): The skill creates a high-risk attack surface by consuming untrusted data from the Kubernetes cluster while possessing administrative capabilities.
  - Ingestion points: The tools get_pod_logs, get_events, and describe_pod (referenced in SKILL.md) ingest free-text data from the cluster environment.
  - Boundary markers: There are no explicit instructions or delimiters mentioned to separate untrusted data from agent instructions.
  - Capability inventory: The skill includes high-privilege tools such as delete_pod (with force=True), rollback_deployment, and rollback_helm_release (referenced in SKILL.md).
  - Sanitization: No evidence of sanitization or filtering of log/event content before processing.
- Privilege Escalation (HIGH): The skill explicitly provides tools for destructive and state-altering operations in a production environment.
  - Evidence: delete_pod(name, namespace, grace_period=0, force=True) in SKILL.md provides direct capability for resource destruction.
  - Evidence: rollback_deployment and rollback_helm_release allow the agent to modify the cluster's desired state without additional confirmation layers.
Recommendations
- AI detected serious security threats
Audit Metadata