skills/cacheforge-ai/cacheforge-skills/kube-medic/Snyk

kube-medic

Warn

Audited by Snyk on Mar 27, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 0.80). The skill explicitly fetches and parses user-generated cluster content (pod logs, events) via kubectl (see scripts/kube-medic.sh cmd_pod and cmd_sweep and the SKILL.md / SECURITY.md notes stating "Pod logs ... are passed to the LLM for analysis"), so untrusted runtime log/event text can be read and used to drive diagnoses and recommended write actions.

Issues (1)

W011

MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

Audit Metadata

Risk Level

MEDIUM

Analyzed

Mar 27, 2026, 02:06 PM

Issues

1

Security Audit — snyk — kube-medic