AI Agent kubectl Safety: Sandboxed Execution for Production

Key Takeaways Giving an AI agent kubectl access is an architecture decision, not a permission flag. Per-permission gates fail under prompt injection. OWASP ranks "Excessive Agency" as LLM06 in the 2