kubernetes
Pass
Audited by Gen Agent Trust Hub on Mar 18, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: Provides extensive CLI capabilities for Kubernetes clusters using kubectl, helm, and argocd. This includes resource creation, modification, and the ability to execute arbitrary commands inside containers via kubectl exec.\n- [EXTERNAL_DOWNLOADS]: Downloads configuration and installation manifests from external sources, including the official ArgoCD repository on GitHub and established Helm registries. It also utilizes npx to execute the Kubernetes MCP server package.\n- [PROMPT_INJECTION]: Exhibits a vulnerability surface for indirect prompt injection by ingesting and displaying data directly from the Kubernetes cluster.\n
- Ingestion points: Cluster logs, resource descriptions, and event streams via kubectl logs, kubectl describe, and argocd app logs in SKILL.md.\n
- Boundary markers: No explicit instructions or delimiters are used to separate ingested cluster data from the agent's instructions.\n
- Capability inventory: Powerful capabilities include kubectl exec, kubectl apply, and argocd app create in SKILL.md.\n
- Sanitization: No validation or sanitization of ingested cluster content is specified before it is presented to the agent.
Audit Metadata