kubectl
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill is designed to execute various `kubectl` commands, providing extensive control over a Kubernetes cluster. This includes the ability to modify cluster states, such as scaling deployments, restarting services, and applying new manifests via the `kubectl apply` command.
- [DATA_EXFILTRATION]: The skill interacts with the `KUBECONFIG` environment variable and accesses the default kubeconfig path (`~/.kube/config`), which typically contains sensitive cluster access credentials. Furthermore, commands such as `kubectl get -o yaml` and `kubectl logs` can retrieve and display potentially sensitive information, including Secrets, ConfigMaps, and application logs.
- [PROMPT_INJECTION]: The skill demonstrates a vulnerability surface for indirect prompt injection through the processing of data from the Kubernetes environment.
  - Ingestion points: Data enters the agent's context through output from `kubectl logs`, `kubectl get`, and `kubectl describe` commands, which fetch logs and resource specifications directly from the cluster.
  - Boundary markers: The skill does not define specific delimiters or instructional boundaries to separate command output from the agent's own internal logic.
  - Capability inventory: The skill includes high-impact capabilities such as arbitrary command execution (via `kubectl`), port forwarding, and the ability to modify infrastructure components.
  - Sanitization: No validation or sanitization of the data retrieved from the cluster is performed, allowing potentially malicious instructions embedded in logs or resource metadata to influence agent behavior.
Audit Metadata