AgentReady · Agent Listing

kubernetes-specialist (Jeffallan/claude-skills) — agentic threat model

AIVSS 9.2 · Critical

The kubernetes-specialist agent presents high risk due to its ability to author K8s manifests and potentially execute kubectl commands directly, creating a direct vector for cluster compromise if hijacked via prompt injection or malicious input from other skills in the pack.

OWASP AIVSS score rationale

AIVSS = (CVSS_Base + AARS) × Mitigation_Factor, where AARS = (10 − CVSS_Base) × (Factor_Sum / 10) × ThM
CVSS base 8.5 · AARS uplift 0.74 · Factor sum 4.9/10 · Threat ×1.0 · Mitigation ×1.0

Agentic risk factors:
Autonomy of Action: 0.60
Goal-Driven Planning: 0.50
Self-Modification: 0.10
Dynamic Tool Use: 0.80
Persistent Memory: 0.20
Contextual Awareness: 0.70
Dynamic Identity: 0.40
Multi-Agent Interactions: 0.60
Non-Determinism: 0.50
Opacity & Reflexivity: 0.50

Scored with the canonical OWASP AIVSS formula (AIVSS calculator reference); agentic risk factors estimated from the agent’s described capabilities.
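As an added worked example (not code from this listing or from the AIVSS calculator), the score above recomputed from the listed factor values with the formula exactly as stated; it assumes the qualitative bands are the CVSS v3.x ones, and uses Decimal arithmetic so that 0.735 rounds half-up to 0.74 as shown.

```python
from decimal import Decimal, ROUND_HALF_UP

# Factor values as listed on this page for kubernetes-specialist (strings keep Decimal exact).
FACTORS = {
    "Autonomy of Action": "0.60",
    "Goal-Driven Planning": "0.50",
    "Self-Modification": "0.10",
    "Dynamic Tool Use": "0.80",
    "Persistent Memory": "0.20",
    "Contextual Awareness": "0.70",
    "Dynamic Identity": "0.40",
    "Multi-Agent Interactions": "0.60",
    "Non-Determinism": "0.50",
    "Opacity & Reflexivity": "0.50",
}

# Assumption: AIVSS reuses the CVSS v3.x qualitative bands (upper bound exclusive).
BANDS = ((Decimal("4.0"), "Low"), (Decimal("7.0"), "Medium"), (Decimal("9.0"), "High"))

def factor_sum(factors):
    """Sum the ten agentic factors, rejecting any value outside [0, 1]."""
    total = Decimal("0")
    for name, value in factors.items():
        v = Decimal(value)
        if not Decimal("0") <= v <= Decimal("1"):
            raise ValueError(f"{name}: factor must lie in [0, 1], got {v}")
        total += v
    return total

def severity(score):
    """Map a non-zero rounded score to its qualitative band."""
    for upper, label in BANDS:
        if score < upper:
            return label
    return "Critical"

def aivss(cvss_base, factors, threat_multiplier="1.0", mitigation_factor="1.0"):
    """AIVSS = (CVSS_Base + AARS) x Mitigation_Factor, as stated on the page."""
    base = Decimal(cvss_base)
    fsum = factor_sum(factors)
    # AARS = (10 - CVSS_Base) x (Factor_Sum / 10) x ThM: the uplift only spends the headroom above the base.
    aars = (Decimal("10") - base) * (fsum / Decimal("10")) * Decimal(threat_multiplier)
    score = min((base + aars) * Decimal(mitigation_factor), Decimal("10"))
    rounded = score.quantize(Decimal("0.1"), rounding=ROUND_HALF_UP)
    return {
        "factor_sum": fsum.quantize(Decimal("0.1")),
        "aars": aars.quantize(Decimal("0.01"), rounding=ROUND_HALF_UP),
        "score": rounded,
        "severity": severity(rounded),
    }
```

Calling `aivss("8.5", FACTORS)` reproduces the listed AARS 0.74, AIVSS 9.2 and Critical band; lowering `mitigation_factor` (e.g. to "0.8" for documented controls) drops the same agent into the High band.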

MAESTRO 7-layer threat model

Per-layer threats for this agent. Layers tagged “not certain from listing” are general, caveated commentary where the public description didn’t pin that layer.

L1 · Foundation Models (✓ mapped)

Utilizes Claude-based foundation models. Vulnerable to prompt injection attacks that could trick the model into generating backdoored Kubernetes manifests or executing destructive cluster commands.

L2 · Data Operations (⚠ not certain from listing)

Not certain from the listing — no specific RAG or vector store architecture is mentioned. It likely relies on local workspace files and parametric knowledge of Kubernetes.

L3 · Agent Frameworks (✓ mapped)

Part of the 'claude-skills' framework. Threat of tool misuse is high if the agent has direct write access to local YAML files or is permitted to execute shell commands (like kubectl) without strict schema validation.

L4 · Deployment & Infrastructure (✓ mapped)

Requires access to the developer's local environment or a Kubernetes cluster. If compromised, the agent could be used for privilege escalation within the cluster or lateral movement across namespaces.

L5 · Evaluation & Observability (⚠ not certain from listing)

Not certain from the listing — no built-in guardrails, logging, or evaluation mechanisms are described to monitor or intercept malicious YAML modifications or kubectl executions.

L6 · Security & Compliance (cross-cutting) (⚠ not certain from listing)

Not certain from the listing — there is no mention of RBAC, policy enforcement (like OPA/Gatekeeper integration), or audit logging for the actions performed by this skill.

L7 · Agent Ecosystem (✓ mapped)

Operates as one of 66 specialized skills in a full-stack pack. Vulnerable to cascading failures or trust abuse if a compromised upstream skill passes malicious instructions to this Kubernetes specialist.

MAESTRO — the 7-layer agentic threat-modeling framework (Cloud Security Alliance / Ken Huang).