kubectl-skill

Pass

Audited by Gen Agent Trust Hub on Apr 18, 2026

Risk Level: SAFE
COMMAND_EXECUTION, CREDENTIALS_UNSAFE, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill is designed to execute the kubectl binary to interact with Kubernetes clusters. This involves listing pods, viewing logs, managing deployments, and executing commands within containers, which is the primary and intended purpose of the skill.
  • [CREDENTIALS_UNSAFE]: The skill provides documentation for commands like kubectl config view, which outputs the local Kubernetes configuration. Users should be aware that this can expose cluster tokens and credentials if the agent is instructed to run it without masking.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by ingesting untrusted data from the Kubernetes environment.
      • Ingestion points: Output from resource logs (kubectl logs), resource descriptions (kubectl describe), and cluster events (kubectl get events) is read into the agent's context via the commands documented in SKILL.md and REFERENCE.md.
      • Boundary markers: The instructions do not define clear delimiters or warnings to ignore instructions embedded within the cluster data.
      • Capability inventory: The skill has extensive capabilities, including executing shell commands inside pods (kubectl exec), modifying cluster resources (kubectl apply, kubectl set image), and deleting resources (kubectl delete).
      • Sanitization: No sanitization or filtering of the Kubernetes API output is performed before processing.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 18, 2026, 10:30 PM