skills/mukul975/anthropic-cybersecurity-skills/implementing-kubernetes-network-policy-with-calico/Snyk
implementing-kubernetes-network-policy-with-calico
Warn
Audited by Snyk on Apr 20, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required installation and workflow steps explicitly instruct fetching and applying manifests from public URLs (for example, "kubectl create -f https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml" in SKILL.md and references/workflows.md), which are untrusted public third‑party resources that the agent/operator will ingest and that can materially change cluster state and influence subsequent tool outputs and decisions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly instructs runtime commands (kubectl create/apply -f) that fetch and apply remote manifests from https://raw.githubusercontent.com/projectcalico/calico/v3.27.0/manifests/tigera-operator.yaml (and companion raw.githubusercontent.com URLs), meaning external content is fetched during execution and will create/execute remote configuration in the cluster as a required dependency.
Issues (2)
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata