eks-cluster
Warn
Audited by Snyk on Mar 11, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required scripts and documentation explicitly fetch and apply public manifests (e.g., scripts/create-eks-cluster.sh runs "kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/...", scripts/create-node-group.sh applies the NVIDIA device plugin URL, and the references mention other raw GitHub URLs). The skill therefore ingests untrusted, user-visible web content as part of its workflow, which can materially change tool behavior and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The create-eks-cluster.sh and create-node-group.sh scripts fetch and apply remote Kubernetes manifests at runtime (e.g., kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.12.0/deploy/static/provider/aws/deploy.yaml and kubectl apply -f https://raw.githubusercontent.com/NVIDIA/k8s-device-plugin/v0.16.2/deployments/static/nvidia-device-plugin.yml), which pulls and executes external configuration/code required by the skill.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).