k8s-kubevirt

Fail

Audited by Gen Agent Trust Hub on Feb 16, 2026

Risk Level: HIGH
Tags: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
  • EXTERNAL_DOWNLOADS (HIGH): The skill provides examples for creating VirtualMachines that pull external images from remote URLs. Specifically, it references 'https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2' for DataVolumes and 'quay.io/kubevirt/fedora-cloud-container-disk-demo' for containerDisks. This facilitates the introduction of unverified external code into the environment.
  • REMOTE_CODE_EXECUTION (HIGH): By deploying VMs and containers from remote registries or URLs via 'kubectl_apply', the skill effectively executes remote code within the Kubernetes cluster context.
  • COMMAND_EXECUTION (HIGH): The inclusion of 'kubectl_apply' allows the agent to execute arbitrary manifest files, providing a high-privilege path to modify any resource in the cluster that the underlying service account can access.
  • INDIRECT PROMPT INJECTION (HIGH): The skill ingests untrusted data from the cluster environment via 'kubevirt_vm_get_tool' and 'get_events'. If an attacker labels or annotates a resource with malicious instructions, the agent might interpret these as commands when processing the cluster state, leading to unsafe tool calls.
  • PRIVILEGE ESCALATION (MEDIUM): While KubeVirt management is the stated purpose, the tools provided could be used to deploy resources with elevated privileges (e.g., privileged containers or hostPath volumes) if the agent is not strictly constrained by RBAC.
Recommendations
  • AI detected serious security threats
Audit Metadata
  • Risk Level: HIGH
  • Analyzed: Feb 16, 2026, 09:12 AM