k8s-troubleshoot
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [Indirect Prompt Injection] (HIGH): The skill ingests untrusted data from Kubernetes pod logs, events, and descriptions. Malicious actors could place instructions in these fields to take control of the agent session. Ingestion points: get_pod_logs (SKILL.md, diagnose-pod.py), get_events (SKILL.md, diagnose-pod.py), and describe_pod (SKILL.md, diagnose-pod.py). Boundary markers: Absent. No instructions or delimiters distinguish diagnostic data from system instructions. Capability inventory: High-privilege tools including kubectl_exec (arbitrary command execution in containers) and cluster-wide resource access. Sanitization: Absent. External content is processed directly.
- [Command Execution] (HIGH): The skill provides the agent with kubectl_exec capability (SKILL.md), allowing for arbitrary code execution within the managed Kubernetes cluster. While intended for troubleshooting, it represents a significant security surface if the agent is misled by indirect injection.
- [Best Practice Violation] (LOW): The scripts/health-check.sh script does not properly quote variables when constructing commands (e.g., kubectl $KUBECTL_OPTS), which could lead to unexpected behavior if inputs contain spaces or special characters.
Recommendations
- AI detected serious security threats
Audit Metadata