kubeadm-join

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt repeatedly shows and instructs embedding bootstrap tokens, discovery CA hashes, and certificate keys directly into kubeadm join commands and config files (e.g., --token, --certificate-key, token fields in join-config.yaml), which requires including secret values verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs the agent to fetch the publicly-accessible kube-public/cluster-info ConfigMap via curl (https://.../namespaces/kube-public/configmaps/cluster-info), an unauthenticated resource whose kubeconfig/CA data the join workflow must read and act on during discovery/TLS bootstrap, so untrusted third-party content could materially influence behavior.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt instructs running root-level commands that change system state (kubeadm join/reset, systemctl and firewall-cmd operations, rm -rf /etc/kubernetes, iptables flush, etc.), which require sudo and modify system files/services.