loom-argocd

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that embed secrets/tokens directly in commands (e.g., "--password mytoken" and decoding the Argo CD admin secret), which instructs including secret values verbatim and creates an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows explicitly instruct Argo CD to fetch and act on arbitrary Git repositories and SCM data (see source.repoURL fields and ApplicationSet generators like git, git-directory, git-file, pullRequest, and scmProvider), which are untrusted third-party user-controlled content that can influence deployments and tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains runtime commands that fetch and apply remote manifests (e.g. kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml) and defines Git repo sources (e.g. https://github.com/myorg/myrepo.git) which Argo CD will fetch at runtime to deploy resources, so these external URLs provide remote content that is executed/applied and are required dependencies.