flux-cli

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes explicit commands that embed credentials (e.g., flux create secret ... --username/--password, webhook URLs, etc.) as CLI arguments or values, which would require the LLM to output secret values verbatim and therefore poses an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflows and examples explicitly instruct creating and using external Git/Helm/OCI/Bucket sources (see references/sources.md and examples such as "flux create source git ... --url=https://github.com/...", "flux create source helm --url=...", "flux create source oci --url=...", and flux push/pull artifact) which cause the agent/flux CLI to fetch and act on untrusted, user-controlled third-party content that can influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly includes an installation command that fetches and executes a remote script at runtime ("curl -s https://fluxcd.io/install.sh | sudo bash"), so the URL https://fluxcd.io/install.sh is a high-risk runtime external dependency because it downloads and runs remote code.