gke-tpu

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly pulls and clones code from a public GitHub URL (references/sync.md: git pull / git clone using <repo.git_url>) and then installs and executes that repo's code on pods (references/sync.md and references/run.md), meaning untrusted, user-controlled third-party content is fetched and can directly influence runtime actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's sync/run steps explicitly perform runtime git clone/pull and pip install against the repository https://github.com/sgl-project/sglang-jax.git (via kubectl exec), which fetches and executes remote code that the skill relies on.