To setup kubernetes inside lxc you have to enable quite some capabilities inside host kernel and lxd containers that can be used to escalate privileges from beeing root in container to root in proxmox. Not completely sure but since even containerd containers share the same kernel, attacker might escalate directly from pod to proxmox host. But this last par I am not sure about.