k8s-webhook-abuse

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). It explicitly instructs crafting requests to elicit mutation patches, decoding the Base64 patch and showing environment variable values (secrets/flags/tokens), which requires extracting and outputting secret values verbatim.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicitly malicious: it gives step-by-step instructions to discover admission webhook endpoints, forge AdmissionReview requests that impersonate the API server, and extract injected Secrets/tokens (data exfiltration and cluster compromise), including tooling and protocol details to reliably exploit vulnerable Kyverno/OPA Gatekeeper or custom webhooks.