dcgm_exporter

Warn

Audited by Snyk on Mar 5, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The DaemonSet specifies the external container image nvcr.io/nvidia/k8s/dcgm-exporter:3.3.8-3.6.0-ubuntu22.04 which is pulled at runtime, is a required dependency, and will execute remote code on cluster nodes when run.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). Although it doesn't ask the agent to run sudo or create users on the host, the skill explicitly instructs deploying a privileged DaemonSet that runs as root and adds the SYS_ADMIN capability (and discusses draining/replacing nodes), which encourages modifying cluster/node state and weakens security boundaries.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 5, 2026, 06:39 AM