Open
Description
Summary
The strix/skills/cloud/ directory is currently empty. I'd like to contribute the first skill in this category: a Kubernetes security testing knowledge package.
Proposed content for cloud/kubernetes.md
- RBAC misconfigurations -- overly permissive ClusterRoles, wildcard verbs, service account token exposure
- Exposed Kubernetes APIs -- unauthenticated API server, kubelet read-only port (10255), etcd exposure
- Container escape vectors -- privileged containers, hostPID/hostNetwork, dangerous capabilities (CAP_SYS_ADMIN)
- Network policy gaps -- missing NetworkPolicy resources allowing unrestricted pod-to-pod traffic
- Secret management issues -- secrets stored in env vars, unencrypted etcd, exposed ConfigMaps
- Workload misconfigurations -- missing resource limits, runAsRoot, missing securityContext
- Supply chain risks -- unscanned images, mutable tags (:latest), unsigned images
- Common testing tools -- kubectl auth can-i, kube-bench, trivy, kubesec, manual API enumeration
- Validation methods -- how to confirm findings and avoid false positives per category
Why this matters
Kubernetes is one of the most widely deployed platforms, and cloud-native infrastructure is increasingly in scope for penetration tests. The cloud/ category currently has no skills, so this would be the foundation for cloud infrastructure testing coverage in Strix.
Happy to submit a PR once this direction is confirmed!
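
An added example, not part of the original issue or of the Strix project: a static audit of a parsed Pod manifest covering the container-escape, workload, supply-chain and secrets-in-env items listed above. Assumptions: `audit_pod`, `mutable_tag` and `SAMPLE_POD` are hypothetical names, the sample pod is constructed, and "runAsRoot" is read as `runAsUser: 0` or no `runAsNonRoot: true` in effect.

```python
# Added example: static audit of a parsed Pod manifest (stdlib only).
# Field names are from the Kubernetes Pod API; SAMPLE_POD is constructed.

def mutable_tag(image):
    """True when the image is not digest-pinned and resolves to :latest."""
    if "@" in image:
        return False
    last = image.rsplit("/", 1)[-1]          # ignore a registry host:port
    return (last.split(":", 1)[1] if ":" in last else "latest") == "latest"

def audit_pod(pod):
    """Return sorted (container, finding) pairs; '' marks a pod-level finding."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    out = {("", f) for f in ("hostPID", "hostNetwork") if spec.get(f) is True}
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, sc = c.get("name", "?"), c.get("securityContext")
        if sc is None:
            out.add((name, "missing securityContext"))
            sc = {}
        if sc.get("privileged") is True:
            out.add((name, "privileged"))
        added = (sc.get("capabilities") or {}).get("add") or []
        if any(a.upper().replace("CAP_", "", 1) == "SYS_ADMIN" for a in added):
            out.add((name, "CAP_SYS_ADMIN"))
        # Container-level settings override pod-level ones.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0 or (uid is None and non_root is not True):
            out.add((name, "may run as root"))
        if not (c.get("resources") or {}).get("limits"):
            out.add((name, "no resource limits"))
        if mutable_tag(c.get("image", "")):
            out.add((name, "mutable tag :latest"))
        env_refs = [e.get("valueFrom") or {} for e in c.get("env") or []]
        if any("secretKeyRef" in v for v in env_refs) or any(
                "secretRef" in s for s in c.get("envFrom") or []):
            out.add((name, "secret in env var"))
    return sorted(out)

SAMPLE_POD = {"spec": {"hostPID": True, "containers": [
    {"name": "web", "image": "registry.example:5000/web",
     "securityContext": {"privileged": True,
                         "capabilities": {"add": ["SYS_ADMIN"]}},
     "env": [{"name": "DB_PASS", "valueFrom": {"secretKeyRef":
              {"name": "db", "key": "password"}}}]},
    {"name": "sidecar", "image": "registry.example:5000/sidecar:1.4.2",
     "securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
     "resources": {"limits": {"cpu": "100m", "memory": "64Mi"}}}]}}
```

Calling `audit_pod(SAMPLE_POD)` flags the pod-level `hostPID` and six issues on `web`, and nothing on `sidecar`; a finding such as "may run as root" still needs confirmation against the image's own `USER` setting before it is reported.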