k8sGPT has Prompt Injection through its k8sGPT-Operator
In the auto-remediation pipeline, object_to_execution.go was deserializing the AI-generated YAML directly into a Deployment object, but there was lack of validation from the original Deployment object.