cloud-native
Fail
Audited by Snyk on Mar 15, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill's generators directly interpolate config.variables, shared_state credentials, and resource properties into Terraform variable defaults and Pulumi code as string literals, meaning any secrets present would be written/output verbatim and thus exposed.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill autonomously fetches and executes content from public third-party URLs and repositories as part of its runtime workflow (e.g., _init_argocd uses kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml, _init_flux runs curl https://fluxcd.io/install.sh, and Application.repo_url values are embedded into ArgoCD manifests), so untrusted external content is ingested and can directly influence actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs commands at runtime that fetch and execute remote content—specifically kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml (fetches and applies remote manifests) and curl -s https://fluxcd.io/install.sh | bash (downloads and pipes a shell script to bash)—which directly execute remote code as part of initialization.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).