VulnWatch
High github · GHSA-rp7v-4384-hfrp

k8sGPT has Prompt Injection through its k8sGPT-Operator

Published Apr 24, 2026 CVSS 0.0

Summary

In the auto-remediation pipeline, object_to_execution.go was deserializing the AI-generated YAML directly into a Deployment object, without validating it against the original Deployment object.
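
One way to validate model-proposed output against the original Deployment before applying it, as an added example that is not k8sGPT's code or its fix. The simplified `Deployment` and `Container` types, the JSON input (assumed already converted from YAML), and the policy of which fields may change are all assumptions.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
)

// Simplified stand-ins for the fields checked here (assumed, not the k8s API types).
type Container struct {
	Name       string `json:"name"`
	Image      string `json:"image"`
	Privileged bool   `json:"privileged"`
}
type Deployment struct {
	Name       string      `json:"name"`
	Namespace  string      `json:"namespace"`
	Replicas   int         `json:"replicas"`
	Containers []Container `json:"containers"`
}

// ValidateProposed accepts model output only if it is still the original object.
func ValidateProposed(orig Deployment, proposed []byte) (*Deployment, error) {
	var p Deployment
	dec := json.NewDecoder(bytes.NewReader(proposed))
	dec.DisallowUnknownFields() // fields outside the reviewed subset are rejected, not ignored
	if err := dec.Decode(&p); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	if p.Name != orig.Name || p.Namespace != orig.Namespace || len(p.Containers) != len(orig.Containers) {
		return nil, fmt.Errorf("identity or container count differs from original")
	}
	remaining := map[string]Container{}
	for _, c := range orig.Containers {
		remaining[c.Name] = c
	}
	for _, c := range p.Containers {
		o, ok := remaining[c.Name]
		if !ok || c.Image != o.Image || (c.Privileged && !o.Privileged) {
			return nil, fmt.Errorf("container %q: name, image or privilege not in original", c.Name)
		}
		delete(remaining, c.Name) // a duplicated name cannot match twice
	}
	return &p, nil
}

func main() { // constructed sample: proposed object that swaps the container image
	orig := Deployment{"web", "prod", 2, []Container{{"app", "registry.example/web:1.4", false}}}
	_, err := ValidateProposed(orig, []byte(`{"name":"web","namespace":"prod","containers":[{"name":"app","image":"other.example/web:latest"}]}`))
	fmt.Println(err)
}
```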

Details

This issue was fixed after coordination with Alex Jones.

PoC

To minimize the impact, the PoC of this vulnerability wasn't released, but was shared with the maintainers.

Affected AI Products

prompt injection