helm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly instructs adding and installing from public Helm chart repositories (e.g., "helm repo add stable https://charts.helm.sh/stable" and "helm repo add bitnami https://charts.bitnami.com/bitnami") so the agent would fetch and act on untrusted, third‑party chart content as part of its workflow.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill's runtime examples explicitly add and install remote Helm chart repositories (e.g., https://charts.helm.sh/stable and https://charts.bitnami.com/bitnami) which are fetched at runtime and deploy/execute code in the target Kubernetes cluster, so these URLs can lead to execution of remote content.