helm-chart-maintenance

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md workflow explicitly includes fetching and installing charts and plugins from public repositories (e.g., helm dependency/update with repository https://charts.bitnami.com/bitnami, helm pull/install from oci:// registries and GHCR, and plugin installs from GitHub), which are untrusted third‑party sources whose content (charts/templates) would be read and could materially influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The GitHub URL https://github.com/helm-unittest/helm-unittest is installed at CI/runtime via "helm plugin install https://github.com/helm-unittest/helm-unittest", which fetches and installs remote code that will be executed and is relied on for running tests.