kubectl

Warn

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: Fetches the kubectl binary and GPG keys from official Kubernetes infrastructure (dl.k8s.io and pkgs.k8s.io) during the installation process.
  • [REMOTE_CODE_EXECUTION]: The skill facilitates the application of Kubernetes manifests directly from remote URLs using kubectl apply -f <url>.
  • [COMMAND_EXECUTION]: Includes commands for executing interactive shells and arbitrary binary execution within cluster pods via kubectl exec.
  • [COMMAND_EXECUTION]: Setup instructions utilize sudo to move binaries into system-wide executable paths and configure system package managers.
  • [COMMAND_EXECUTION]: Modifies shell profile files (~/.bashrc, ~/.zshrc) to enable persistent command-line autocompletion.
  • [DATA_EXFILTRATION]: Provides instructions for retrieving sensitive data from the cluster, including decoding Secret resources and copying files from containers to the local filesystem using kubectl cp.
  • [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. The agent is instructed to read and analyze cluster data that may contain untrusted content, such as container logs or event descriptions. This information is ingested into the agent's context where it could attempt to influence high-privilege actions like resource deletion or modification.
  • Ingestion points: resources/command-cookbook.md and resources/troubleshooting.md (via kubectl logs, kubectl describe, and kubectl get events).
  • Boundary markers: No specific delimiters or safety instructions are provided to the agent to ignore instructions embedded within the logs or events it reads.
  • Capability inventory: The skill allows for broad cluster control, including apply, patch, delete, and exec capabilities across all resource types.
  • Sanitization: There is no evidence of filtering or sanitization of the external content retrieved from the cluster before it is processed by the agent.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Jun 20, 2026, 10:49 AM
Security Audit — agent-trust-hub — kubectl