Agentinelv0.1.0

MCP security scorecard — OWASP Agentic Top 10 (2026)
target kubernetes  ·  1 server  ·  6 tools  ·  from published tool specs
2
Findings
HIGH
Max severity
0
Critical
1
High
0
Medium

Capability matrix · Rule of Two

Server / toolA untrustedB sensitiveC external
kubernetes / kubectl_apply · ·
kubectl_delete · ·
kubectl_generic · · ·
kubectl_get · ·
kubectl_logs · ·
kubectl_scale ·

Findings

HIGH

Unsafe code or command execution surface

ASI05 kubernetes:kubectl_generic

Tool 'kubectl_generic' exposes code or command execution to the agent, so an injected instruction could run commands on the host.

matched: execute any

✓ Sandbox execution, drop privileges, allow-list commands, and require human approval for any code-execution tool.

ASI05 · Unexpected Code Execution · confidence 70%

INFO

Two of three lethal-trifecta axes present

ASI02 server:kubernetes

This server's toolset already holds two trifecta axes (B:sensitive-access, C:external-comms). Adding a tool with the third axis — or connecting it alongside another server that provides it — would complete the lethal trifecta.

axes present: B:sensitive-access, C:external-comms

✓ Break the trifecta: remove one axis, split capabilities across isolated agents, or require human approval for the state-changing / external-comms step.

ASI02 · Tool Misuse and Exploitation · confidence 60%