cdk-escape
Fail
Audited by Gen Agent Trust Hub on Apr 22, 2026
Risk Level: HIGH
Findings: COMMAND_EXECUTION, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill instructs the agent to execute the CDK tool to perform container escape and privilege escalation. Examples include using "cdk run mount-cgroup" and "cdk run shim-pwn" to bypass container boundaries.
- [REMOTE_CODE_EXECUTION]: Provides explicit commands to download an executable binary from an attacker-controlled remote server (https://ATTACKER/cdk) and grant it execution permissions (chmod +x).
- [DATA_EXFILTRATION]: Includes commands to harvest sensitive system data and credentials, such as reading /etc/shadow, dumping Kubernetes secrets ("cdk run k8s-secret-dump"), and accessing cloud environment metadata.
- [COMMAND_EXECUTION]: Instructs the agent to exploit specific kernel vulnerabilities, including CVE-2021-22555 and CVE-2022-0847 (DirtyPipe), to achieve root access on the host system.
- [DATA_EXFILTRATION]: Contains instructions for performing internal network reconnaissance using "cdk run service-probe" to identify other vulnerable services within the network.
- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface, as it processes output from environment evaluation ("cdk evaluate") to determine subsequent high-privilege actions without sanitization or boundary markers.
Recommendations
- AI detected serious security threats
Audit Metadata