diff --git a/apps/agent-zero/configmaps-bluejay.yaml b/apps/agent-zero/configmaps-bluejay.yaml
index 22701a2..d634a00 100644
--- a/apps/agent-zero/configmaps-bluejay.yaml
+++ b/apps/agent-zero/configmaps-bluejay.yaml
@@ -3616,7 +3616,8 @@ data:
 kubectl_manager.py: |
 # Kubernetes Cluster Management Tool
 # Manages Kubernetes resources via kubectl on a Rancher Desktop (k3s) cluster.
- # The pod runs with a cluster-admin ServiceAccount so all operations are permitted.
+ # SEC-6: the pod has no mounted Kubernetes API token and no cluster RBAC.
+ # Cluster operations must go through gated FlowerCore MCP tools instead.
 # kubectl is located at /usr/local/bin/kubectl.
 import subprocess
@@ -4442,7 +4443,8 @@ data:
 ### Notes
- - The Agent Zero pod has `cluster-admin` privileges; all kubectl operations are permitted.
+ - The Agent Zero pod has no mounted Kubernetes API token and no cluster RBAC.
+ - Cluster operations must go through gated FlowerCore MCP tools instead of raw kubectl.
 - kubectl is located at `/usr/local/bin/kubectl`.
 - Long outputs are truncated to 4000 characters to avoid flooding.
 - The `exec_command` action has a 30-second timeout.
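Review bot: The SEC-6 comment added to the `kubectl_manager.py` header states a control that nothing in this diff enforces. Only comment and Notes text changes, while the tool still imports `subprocess` and the Notes in the second hunk still advertise `/usr/local/bin/kubectl` and the `exec_command` action. The actual removal of the token and the cluster-admin binding has to be confirmed in the pod spec and RBAC manifests, which are not in these hunks (presumably `automountServiceAccountToken: false` on the pod or ServiceAccount, plus deletion of the ClusterRoleBinding). If raw kubectl is no longer a supported path, the tool should fail fast with a message naming the gated MCP route, and the kubectl-location and `exec_command` bullets should be dropped or reworded so the agent is not given contradictory guidance. The module body lies outside the hunk, so this rests on the visible header and import line only.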