azure-aks

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's "GitOps with Flux" instructions explicitly configure Flux to sync from an external Git repository (e.g., --url https://github.com/myorg/myrepo) and the helm repo/add commands reference public charts, which means the agent/cluster will ingest and act on untrusted, user-provided content that can alter behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs commands that fetch and execute remote content at runtime—e.g., "helm repo add https://kubernetes.github.io/ingress-nginx" (Helm charts fetched and applied) and "az k8s-configuration flux create --url https://github.com/myorg/myrepo" (Flux will fetch and apply manifests from the Git repo)—so external URLs are used to deliver executable configuration.