kubernetes-security

Warn

Audited by Gen Agent Trust Hub on Apr 30, 2026

Risk Level: MEDIUM
Findings: PROMPT_INJECTION, CREDENTIALS_UNSAFE, COMMAND_EXECUTION
Full Analysis
  • [PROMPT_INJECTION]: The skill contains contradictory and sabotaged instructions that misdirect the agent. Step 5 incorrectly states 'Containers should instead run as privileged,' and Step 4 lists insecure methods like 'Hardcoding credentials' as recommended 'alternatives' to secure practices. This 'inverted instruction' pattern is likely intended to trick an LLM into ignoring safe code examples in favor of dangerous prose advice.
  • [CREDENTIALS_UNSAFE]: In Step 4, the instructions explicitly advise the user/agent to 'Use these alternatives instead: ... Hardcoding credentials in container images or Dockerfiles.' This promotes a high-risk security anti-pattern that leads to secret exposure in container registries and image history.
  • [COMMAND_EXECUTION]: Step 5 contains an instruction suggesting that containers 'should instead run as privileged.' Privileged containers in Kubernetes bypass nearly all security boundaries, granting the workload full access to the host kernel and devices, which facilitates host takeover if the container is compromised.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Apr 30, 2026, 12:34 PM
Security Audit — agent-trust-hub — kubernetes-security