k8s-network-recon
Fail
Audited by Gen Agent Trust Hub on May 4, 2026
Risk Level: HIGH (EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION)
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill instructs the agent to download and install security tools from unverified third-party sources, specifically 'k8spider' from 'github.com/Esonhugh/k8spider' and the 'CDK' penetration toolkit via the 'f8x' installer.
- [REMOTE_CODE_EXECUTION]: Provides a functional Python script for ARP spoofing in 'references/network-attacks.md' and directs the agent to execute it to facilitate traffic interception.
- [COMMAND_EXECUTION]: Extensive use of shell commands like 'nslookup', 'dig', 'curl', and 'arpspoof' for active network mapping and service exploitation.
- [DATA_EXFILTRATION]: Describes technical methods for conducting Man-in-the-Middle (MITM) attacks to capture sensitive data, such as database credentials, API tokens, and internal service authentication headers from unencrypted traffic.
- [PROMPT_INJECTION]: Vulnerable to indirect prompt injection. Ingestion points: service names and network response content (SKILL.md). Boundary markers: Absent. Capability inventory: Package installation and script execution. Sanitization: Absent. The skill also includes instructions to proactively trigger its use during lateral movement, potentially overriding user-defined constraints.
Recommendations
- AI detected serious security threats