agent-kubernetes-specialist
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGHPROMPT_INJECTIONCOMMAND_EXECUTION
Full Analysis
- [Indirect Prompt Injection] (HIGH): The agent is designed to manage Kubernetes infrastructure but lacks any safety boundaries for processing untrusted external data.
- Ingestion points: The agent is intended to work with Kubernetes configurations, Helm charts, and cluster state, which are external/untrusted data sources.
- Boundary markers: Absent. There are no instructions to differentiate between user commands and data found within manifests or logs.
- Capability inventory: Access to
Bash,kubectl, andhelmrepresents critical write and execute capabilities within a cluster and on the local host. - Sanitization: None provided. The agent is highly susceptible to executing commands embedded in YAML comments or log files.
- [Command Execution] (MEDIUM): The skill explicitly grants access to powerful system-level tools (
Bash,kubectl,helm) without defining a restrictive execution policy or audit logging requirements within the prompt instructions.
Recommendations
- AI detected serious security threats
Audit Metadata