gitops-workflow

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote content—kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml (applies remote manifests) and curl -s https://fluxcd.io/install.sh | sudo bash (pipes and runs a remote install script)—so these URLs directly cause remote code/configuration execution that the workflow depends on.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs running a remote installer with elevated privileges (curl ... | sudo bash) and commands that access/modify cluster state, which pushes the agent to obtain sudo and change system state on the host.