kubernetes-specialist
Pass
Audited by Gen Agent Trust Hub on Jun 20, 2026
Risk Level: SAFECOMMAND_EXECUTIONREMOTE_CODE_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions for performing interactive and high-privilege operations within the cluster.
- Uses
kubectl debug nodecombined withchroot /hostinreferences/troubleshooting.mdto gain direct filesystem access to the underlying Kubernetes host node. - Employs
kubectl execandkubectl debugfor interactive shell access to running containers for troubleshooting. - Instructs the use of
sudoinreferences/multi-cluster.mdto move downloaded binaries into system-protected directories like/usr/local/bin. - [REMOTE_CODE_EXECUTION]: Several workflows involve downloading and immediately executing scripts from external domains.
references/gitops.mdandreferences/service-mesh.mdcontain instructions to pipe remote scripts to a shell (e.g.,curl | bash) for the installation of Istio, Linkerd, and Submariner.- [EXTERNAL_DOWNLOADS]: The skill fetches tools and configurations from external sources.
- Downloads binaries such as
clusterctldirectly from GitHub releases inreferences/multi-cluster.md. - Fetches and applies remote Kubernetes manifests from various GitHub organizations including
argoproj,bitnami-labs, andkubernetes-sigs. - [CREDENTIALS_UNSAFE]: Example configuration files contain mock sensitive data that may be detected by automated scanners.
references/configuration.mdincludes an example API key following thesk-pattern (sk-1234567890abcdef) and hardcoded generic passwords in manifest templates.- [PROMPT_INJECTION]: The skill presents an indirect prompt injection surface when processing external manifests.
- Ingestion points: The agent is instructed to process user-provided or external Helm charts, RBAC policies, and YAML manifests in
SKILL.md. - Boundary markers: The instructions lack specific delimiters or warnings to ignore embedded instructions within processed data.
- Capability inventory: The skill allows for the creation, modification, and deletion of cluster resources, and provides interactive command execution capabilities.
- Sanitization: No explicit sanitization or validation steps are provided to check untrusted manifests for malicious instructions before application.
Audit Metadata