Security audit

k8s CLI command reference skill pack

Security checks across malware telemetry and agentic risk

Overview

This is a static kubectl reference pack, but many generated pages contain unrelated database/storage options and some examples can expose credentials, so users should review it before relying on it.

Install only if you want a static kubectl reference and will verify generated command options against kubectl --help or official Kubernetes docs before use. Be especially careful with parent-option tables, secret-printing examples, command-line passwords, profile edits, and mutating cluster commands such as delete, apply, certificate approval, RBAC changes, exec, and kubeconfig edits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (75)

Intent-Code Divergence

Medium
Confidence
84% confidence
Finding
The page describes a narrow-purpose kuberc preference-management command, but the broader option set shown later includes unrelated storage/database parameters. This mismatch can mislead users and downstream agents into believing the command supports capabilities it should not, increasing the chance of unsafe invocation or trust in tampered/generated documentation.

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
Documenting storage-driver and database configuration flags for a kuberc preferences tool is unjustified and indicates either documentation corruption or option injection from an unrelated component. If consumed by automation or operators, this can cause unauthorized connections, secret exposure through parameters, or execution of unintended functionality under false assumptions.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
The document presents this command as only viewing local kuberc configuration, but the inherited parent options include network, authentication, and storage-related capabilities that materially expand what an operator may think the command can touch. This kind of scope mismatch is dangerous because users and downstream agents may treat the command as harmless read-only documentation when it can participate in authenticated server interactions or expose sensitive configuration context.

Intent-Code Divergence

Medium
Confidence
90% confidence
Finding
The synopsis says the command displays kuberc contents, yet the options list includes API-server authentication, impersonation, TLS, and request settings. This discrepancy can mislead users or automation into underestimating the sensitivity of the command context, especially where kubeconfig, tokens, or remote-cluster settings are involved.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The annotate command documentation includes unrelated storage-driver/database flags such as host, user, and password, which do not match kubectl annotate’s expected parent options. This inconsistency can mislead an agent or user into supplying database credentials or invoking unsupported behavior, creating confusion and potential credential exposure in automation contexts.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page documents `kubectl api-resources`, whose purpose is to list supported API resources, but its parent-options section includes unrelated `--storage-driver-*` database flags with defaults such as host, user, and password. This inconsistency can mislead users into believing unsupported or unintended capabilities exist, and the embedded default credentials/DB settings normalize insecure operational patterns and may cause accidental exposure or misuse in automation.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page documents `kubectl api-versions` as a read-only command, but includes unrelated `storage-driver-*` options with database host/user/password settings and write-buffer behavior. This inconsistency can mislead users or downstream tooling into believing the command supports database-backed behavior, increasing the risk of unsafe invocation, credential mishandling, or confusion about what the command actually does.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page documents parent options for `kubectl apply edit-last-applied`, but this range includes unrelated `storage-driver-*` database flags that do not fit the command’s purpose. In a tool-reference skill, inaccurate or cross-contaminated options can mislead an agent or user into invoking unintended functionality, potentially exposing database credentials or causing writes to unexpected backends.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page documents a kubectl apply subcommand, but the parent options section includes unrelated storage-driver/database flags with defaults like localhost:8086 and root/root. In a tool-reference skill, this kind of mismatched option injection can mislead an agent or user into exposing database credentials, targeting the wrong backend, or treating non-kubectl flags as legitimate, which undermines command safety and trust in the documentation.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document for `kubectl auth reconcile` includes unrelated `storage-driver-*` database flags, which do not match the command's RBAC reconciliation purpose. In a tool-reference skill, this can mislead an agent or user into supplying database credentials or invoking unsupported options, increasing the risk of credential exposure, operational misuse, or prompt/data poisoning via corrupted autogenerated docs.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page for `kubectl auth whoami` includes unrelated storage-driver/database options such as host, user, and password settings. In a tool-reference skill, incorrect options can mislead users or downstream agents into invoking unsupported or dangerous flags, causing accidental credential exposure or misuse of the command.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
The autoscale command reference includes unrelated storage-driver/database flags and defaults such as host, user, and password, which do not belong in normal kubectl autoscale usage. In an agent skill context, this can mislead users or downstream agents into supplying database credentials or invoking unintended functionality, expanding the attack surface and increasing the chance of credential mishandling.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The page claims to document `kubectl certificate`, but it includes unrelated storage-driver and profiling/database flags that do not fit the command’s stated purpose. In security-sensitive tooling docs, this kind of option-surface mismatch can mislead users into invoking unsafe or unintended capabilities, and may indicate a bad generation pipeline or content mix-up that propagates dangerous guidance.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page for `kubectl certificate approve` includes unrelated `storage-driver-*` options with database defaults like `root`/`root` and `localhost:8086`, which contradict the command’s purpose. In a security-sensitive admin workflow, incorrect options can mislead operators, normalize unsafe defaults, and cause execution of unintended flags or trust in tampered documentation.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The `kubectl config` documentation includes `storage-driver-*` database options that are unrelated to kubeconfig editing and inconsistent with the tool's stated purpose. This kind of capability drift can mislead an agent into accepting or invoking unintended external connectivity or credential-bearing functionality, increasing the risk of misuse and unsafe command construction.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The document for `kubectl config delete-cluster` includes unrelated `storage-driver-*` database flags, which do not fit the command's purpose of editing local kubeconfig. In a tool-reference skill, inaccurate or injected options can mislead downstream agents or users into supplying database credentials or invoking unintended functionality, creating a documentation integrity and potential credential-exposure risk.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
This page is supposed to document `kubectl config delete-context`, but it includes unrelated `storage-driver-*` database options with defaults like host, user, and password. In a tool-reference skill, inaccurate operational guidance can mislead users or downstream agents into invoking unsupported or dangerous flags, creating configuration confusion and increasing the chance of credential mishandling or unsafe command construction.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The embedded option text contradicts the command's stated purpose by describing unrelated storage/database capabilities. This inconsistency is dangerous in an agent skill because automated systems may trust the documentation as executable guidance, leading to misuse of flags, propagation of bogus parameters, or accidental disclosure of sensitive values such as database credentials in logs or command histories.

Intent-Code Divergence

Medium
Confidence
92% confidence
Finding
This documentation page for `kubectl config delete-user` includes unrelated `storage-driver-*` database flags, including default credentials like `root`, which contradict the command’s purpose and can mislead users into thinking these flags are valid or supported. In security-sensitive CLI documentation, inaccurate options can cause unsafe configuration, credential misuse, or accidental exposure of database-related parameters in scripts and automation.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
This documentation for `kubectl config get-clusters` includes unrelated `storage-driver-*` database flags, which do not match the command’s stated purpose of listing clusters from kubeconfig. In a tool/agent skill context, incorrect flags can mislead downstream automation or operators into supplying database credentials or invoking unsupported options, creating confusion, accidental secret exposure, or unsafe command construction.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page documents `kubectl config rename-context`, but the options section includes unrelated storage-driver/database flags that do not belong to this command. This can mislead users into believing the command supports unexpected capabilities, and in a security-sensitive Kubernetes context, inaccurate CLI documentation can cause unsafe operator actions, misconfiguration, or trust in tampered/generated docs.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The page documents `kubectl config set-cluster`, but its parent options section includes unrelated `storage-driver-*` database flags and default credentials that do not belong to normal kubectl kubeconfig configuration. This can mislead users into invoking unsupported or dangerous options, normalizes insecure defaults such as `root/root`, and indicates documentation generation or content-integrity problems that could propagate unsafe operational behavior.

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The parent options section includes unrelated storage-driver/database flags such as database host, username, and password defaults, which are inconsistent with `kubectl config set-credentials` and can mislead users into invoking unintended capabilities or trusting spurious options. In a credential-management command reference, this kind of content pollution is dangerous because it may cause users or downstream automation to expose secrets, misconfigure tooling, or rely on documentation that does not match the actual command surface.

Intent-Code Divergence

Medium
Confidence
96% confidence
Finding
The parent options list includes unrelated storage-driver/database flags that do not belong to `kubectl config set` and contradict the command's documented purpose. This can mislead users into believing unsupported or unintended capabilities exist, and in security-sensitive tooling documentation that confusion can cause unsafe configuration, credential exposure, or misuse of adjacent systems.

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The page documents `kubectl config unset`, which should only describe removing kubeconfig values, but it includes unrelated `storage-driver-*` database options with defaults such as `root` credentials. This mismatch can mislead users into invoking unsupported or dangerous parameters, propagates incorrect security-sensitive documentation, and may normalize insecure default credentials in operational workflows.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.