gke-basics
Warn
Audited by Snyk on Apr 22, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). The skill's workflows explicitly instruct fetching and applying manifests from public GitHub URLs (e.g., "kubectl apply --server-side -f https://github.com/kubernetes-sigs/kueue/releases/latest/download/manifests.yaml" in references/gke-batch-hpc.md and the MPI Operator raw GitHub URL), which are untrusted, user-maintained third-party resources that the agent would read/execute as part of its workflow.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill instructs runtime fetching and applying remote Kubernetes manifests which execute code in-cluster — e.g., "kubectl apply --server-side -f https://github.com/kubernetes-sigs/kueue/releases/latest/download/manifests.yaml" and "kubectl apply -f https://raw.githubusercontent.com/kubeflow/mpi-operator/master/deploy/v2beta1/mpi-operator.yaml", so external content would be fetched at runtime and run as required dependencies.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).