kubernetes
Fail
Audited by Snyk on Mar 18, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes explicit secret literals (e.g., "secretpass", "password", "ghp_token123") and examples that place secrets verbatim into CLI flags and commands (kubectl create secret --from-literal, helm --set postgresqlPassword=..., argocd login --password, argocd repo add --password). Following these examples requires the LLM to handle and output secret values directly, which poses an exfiltration risk; values passed as command-line arguments are additionally visible in shell history and process listings (ps) on the host that runs them.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The SKILL.md workflows explicitly fetch and act on public third-party content (e.g., "kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml", "argocd repo add https://github.com/org/k8s-manifests.git", and Helm repo/chart installs). These sources are outside the skill author's control and are not pinned to a release or digest: whatever they contain at fetch time is applied to the cluster or read by the agent, so their content can materially influence the agent's actions (indirect prompt injection) and the workloads it deploys.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The MCP server config invokes "npx -y @modelcontextprotocol/server-kubernetes"; the -y flag suppresses the install prompt, so at runtime npx fetches the package from the npm registry and executes it without confirmation. The skill relies on this code to provide its MCP tools, so it is a required runtime remote-code dependency whose content is not verified before execution.
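As an added example (not Snyk's scanner and not code from the audited skill), the POSIX shell script below reproduces the three findings as greps over a constructed SKILL.md excerpt that mirrors the command shapes quoted above, and places beside it a hardened rewrite of the same steps that passes all three checks. The hostname, secret paths, chart version, release tag and digest in the hardened excerpt are placeholders chosen for the example, not values from the page or the projects involved.

```shell
#!/bin/sh
# Added example: three lint checks modelled on Snyk findings W007, W011 and W012,
# run over constructed skill-instruction text. Not Snyk's tooling.

# Constructed SKILL.md excerpt reproducing the risky command shapes the audit quotes.
RISKY_SKILL='kubectl create secret generic db --from-literal=password=secretpass
helm install pg bitnami/postgresql --set postgresqlPassword=secretpass
argocd login argocd.example.com --username admin --password secretpass
argocd repo add https://github.com/org/k8s-manifests.git --username git --password ghp_token123
kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml
npx -y @modelcontextprotocol/server-kubernetes
kubectl get pods -n argocd'

# Constructed hardened rewrite of the same steps (paths, version, tag and digest
# are placeholders):
#  - secrets are read from files mounted by the runtime (--from-file, --set-file,
#    SSO login, SSH deploy key), so no secret value appears in the instruction
#    text, the model's output, shell history or a process listing;
#  - the remote manifest is downloaded to disk, pinned to a release tag and
#    digest-checked before kubectl sees it; the chart is pinned with --version;
#  - the MCP server package is installed when the image is built, and npx is
#    told to run only an already-installed package instead of downloading one.
SAFER_SKILL='kubectl create secret generic db --from-file=password=/run/secrets/db_password
helm install pg bitnami/postgresql --version 15.5.0 --set-file postgresqlPassword=/run/secrets/db_password
argocd login argocd.example.com --sso
argocd repo add git@github.com:org/k8s-manifests.git --ssh-private-key-path /run/secrets/deploy_key
curl -fsSLo /tmp/argocd-install.yaml https://raw.githubusercontent.com/argoproj/argo-cd/vX.Y.Z/manifests/install.yaml
echo "<sha256 recorded at review time>  /tmp/argocd-install.yaml" | sha256sum -c -
kubectl apply -f /tmp/argocd-install.yaml
npx --no-install @modelcontextprotocol/server-kubernetes
kubectl get pods -n argocd'

# W007: a secret value typed directly into a CLI flag. Prints offending lines.
w007_secret_in_flag() {
  printf '%s\n' "$1" | grep -Ei \
    -e '--from-literal=[^= ]*(pass|token|secret|key)[^= ]*=' \
    -e '--set [^ ]*(pass|token|secret)[^ =]*=' \
    -e '--password( |=)' || true
}

# W011: remote manifests applied straight from a URL, or charts installed
# without a pinned --version. Prints offending lines.
w011_unpinned_remote() {
  printf '%s\n' "$1" | grep -E \
    -e 'kubectl +apply +.*-f +https?://' \
    -e 'helm +(install|upgrade) ' | grep -Ev -e '--version ' || true
}

# W012: code fetched and executed at runtime (npx without --no-install, or a
# curl-to-shell pipe; the curl pattern generalises beyond the page's npx case).
w012_runtime_fetch() {
  printf '%s\n' "$1" | grep -E \
    -e '(^|[ ;&|])npx ' \
    -e 'curl .*\| *(ba)?sh' | grep -Ev -e '--no-install' || true
}

# Runs all three checks over a skill text, reports per-check counts on stderr
# and prints the total number of flagged lines on stdout (0 means clean).
lint_skill() {
  total=0
  for check in w007_secret_in_flag w011_unpinned_remote w012_runtime_fetch; do
    hits=$("$check" "$1" | wc -l | tr -d ' ')
    if [ "$hits" -gt 0 ]; then
      printf '%s: %s line(s)\n' "$check" "$hits" >&2
    fi
    total=$((total + hits))
  done
  echo "$total"
}

# Usage: the risky excerpt yields 7 flagged lines, the hardened one yields 0.
lint_skill "$RISKY_SKILL" >/dev/null
lint_skill "$SAFER_SKILL" >/dev/null
```

The checks are deliberately narrow regexes over command text; they catch the shapes the audit quotes but not every way a secret or remote fetch can be expressed (environment-variable interpolation, heredocs, wrapper scripts). The hardened excerpt shows the direction of the fix rather than a drop-in replacement: the digest line must hold a value recorded when the pinned manifest was reviewed, and the MCP server must actually be installed into the image (for example from a lockfile) for the --no-install invocation to start.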
Issues (3)
W007 HIGH: Insecure credential handling detected in skill instructions.
W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).