kubernetes-specialist

Pass

Audited by Gen Agent Trust Hub on Jun 20, 2026

Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for performing interactive and high-privilege operations within the cluster.
  • Uses kubectl debug node combined with chroot /host in references/troubleshooting.md to gain direct filesystem access to the underlying Kubernetes host node.
  • Employs kubectl exec and kubectl debug for interactive shell access to running containers for troubleshooting.
  • Instructs the use of sudo in references/multi-cluster.md to move downloaded binaries into system-protected directories like /usr/local/bin.
  • [REMOTE_CODE_EXECUTION]: Several workflows involve downloading and immediately executing scripts from external domains.
  • references/gitops.md and references/service-mesh.md contain instructions to pipe remote scripts to a shell (e.g., curl | bash) for the installation of Istio, Linkerd, and Submariner.
  • [EXTERNAL_DOWNLOADS]: The skill fetches tools and configurations from external sources.
  • Downloads binaries such as clusterctl directly from GitHub releases in references/multi-cluster.md.
  • Fetches and applies remote Kubernetes manifests from various GitHub organizations including argoproj, bitnami-labs, and kubernetes-sigs.
  • [CREDENTIALS_UNSAFE]: Example configuration files contain mock sensitive data that may be detected by automated scanners.
  • references/configuration.md includes an example API key following the sk- pattern (sk-1234567890abcdef) and hardcoded generic passwords in manifest templates.
  • [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing external manifests.
  • Ingestion points: The agent is instructed to process user-provided or external Helm charts, RBAC policies, and YAML manifests in SKILL.md.
  • Boundary markers: The instructions lack specific delimiters or warnings to ignore embedded instructions within processed data.
  • Capability inventory: The skill allows for the creation, modification, and deletion of cluster resources, and provides interactive command execution capabilities.
  • Sanitization: No explicit sanitization or validation steps are provided to check untrusted manifests for malicious instructions before application.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 20, 2026, 08:41 AM
Security Audit — agent-trust-hub — kubernetes-specialist