Skills
skills/wgpsec/aboutsecurity/k8s-istio-bypass/Gen Agent Trust Hub

k8s-istio-bypass

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHCOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill instructs the agent to use su istio, runuser, or nsenter to switch to UID 1337. This is used to exploit an architectural flaw where UID 1337 traffic is excluded from iptables interception, effectively bypassing all Istio AuthorizationPolicies.
  • [DATA_EXFILTRATION]: Provides specific commands to access the Envoy administration interface (localhost:15000/config_dump), which the skill explicitly identifies as a source for potentially sensitive secrets and cluster configuration.
  • [DATA_EXFILTRATION]: Encourages the discovery and reading of sensitive cryptographic materials and secrets located in /etc/certs/ and /var/run/secrets/istio/.
  • [EXTERNAL_DOWNLOADS]: References the use of k8spider, a non-standard external reconnaissance tool for scanning service CIDRs in Kubernetes environments.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 10:08 AM