hunt-k8s
Fail
Audited by Gen Agent Trust Hub on Jun 13, 2026
Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill contains commands that pipe untrusted output from remote network targets directly into the Python interpreter (e.g., `| python3 -m json.tool` and `| python3 -c ...`). This pattern is identified as a high-risk vector because a malicious target could serve executable content instead of the expected data.
- [COMMAND_EXECUTION]: The skill executes multiple shell commands including `curl`, `nmap`, `etcdctl`, and `kubectl` to interact with network services and system sockets (like `/var/run/docker.sock`).
- [EXTERNAL_DOWNLOADS]: Fetches and processes data from various remote endpoints such as Kubernetes API servers, Kubelet instances, and etcd databases.
- [PROMPT_INJECTION]: The skill is vulnerable to Indirect Prompt Injection (Category 8):
  - Ingestion points: Untrusted data is ingested from remote Kubernetes API endpoints, Kubelet pods/logs, and etcd values (Phase 2, 3, 4, 5).
  - Boundary markers: None. External content is not wrapped in delimiters or accompanied by instructions to ignore embedded commands.
  - Capability inventory: The agent can execute shell commands, perform network operations, and interact with local sockets.
  - Sanitization: No validation or sanitization is performed on the data retrieved from external sources before it is processed or displayed.
Recommendations
- HIGH: Downloads and executes remote code from: http://$TARGET:10255/pods, http://$TARGET:2379/v2/keys/?recursive=true - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata