deploy-app

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's Phase 1 "Research" workflow explicitly invokes the kubesearch skill and instructs searching public sources (helm hub/OCI registries and grafana.com community dashboards) to ingest real-world values.yaml and dashboard content — untrusted, user-generated web content that the agent is expected to read and use to decide chart selection and deployment actions, enabling indirect prompt injection risk.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs helm install and references external chart URLs (e.g., https://charts.example.com and oci://ghcr.io//helm) at runtime to fetch Helm charts/OCI images which will execute remote code in the target environment, so these are runtime external dependencies that can execute code.