auditing-kubernetes-rbac-privilege-escalation

Fail

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill provides instructions for performing a container-to-host escape (MITRE ATT&CK T1611) by scheduling a privileged pod that mounts the host's root filesystem. This is presented as a proof-of-concept for use in authorized lab environments.
  • [DATA_EXFILTRATION]: The instructions and scripts demonstrate how to retrieve sensitive Kubernetes secrets and service-account tokens, which are high-value credentials within a cluster environment.
  • [EXTERNAL_DOWNLOADS]: Fetches the rbac-police auditing tool from Palo Alto Networks' official GitHub releases.
  • [EXTERNAL_DOWNLOADS]: Uses the kubectl krew plugin manager to install security utilities such as who-can (Aqua Security) and rbac-lookup (Fairwinds) from established third-party sources.
  • [REMOTE_CODE_EXECUTION]: Executes the downloaded rbac-police binary after modifying its permissions with chmod +x to automate the discovery of escalation paths.
  • [COMMAND_EXECUTION]: The scripts/agent.py script utilizes the subprocess.run function to programmatically execute kubectl commands for cluster resource enumeration.
  • [PROMPT_INJECTION]: The skill exhibits an attack surface for indirect prompt injection by processing external cluster data (RBAC configurations) without boundary markers or sanitization.
  • Ingestion points: scripts/agent.py ingests data from kubectl get commands.
  • Boundary markers: None identified in the instructions or scripts.
  • Capability inventory: The script has the ability to execute subprocesses through kubectl (defined in scripts/agent.py).
  • Sanitization: No filtering or validation of cluster-provided data is performed before processing.
Recommendations
  • HIGH: Downloads and executes remote code from: https://github.com/PaloAltoNetworks/rbac-police/releases/latest/download/rbac-police-linux-amd64 - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 23, 2026, 03:41 AM
Security Audit — agent-trust-hub — auditing-kubernetes-rbac-privilege-escalation