Skills
skills/wgpsec/aboutsecurity/k8spider/Gen Agent Trust Hub

k8spider

Fail

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions to download a binary from an external and potentially malicious URL using curl or wget (e.g., https://ATTACKER/k8spider).
  • [REMOTE_CODE_EXECUTION]: The instructions detail making a downloaded binary executable and running it (chmod +x followed by execution), which facilitates the execution of untrusted code from remote sources.
  • [COMMAND_EXECUTION]: The skill executes multiple system commands for network reconnaissance and environment information gathering, including:
  • ip addr show and ip route to map internal networks.
  • Reading /etc/resolv.conf to identify cluster DNS servers.
  • Using nslookup and dig for service enumeration via DNS.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Apr 22, 2026, 10:08 AM