kubesearch

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to fetch and "show the complete values section" from HelmRelease/values.yaml files, which forces the LLM to output any secrets (API keys, tokens, passwords) present in those files verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md workflow explicitly instructs the agent to WebFetch pages from kubesearch.dev and to fetch raw GitHub files (raw.githubusercontent.com) to extract HelmRelease values and use them to drive configuration recommendations, which exposes the agent to untrusted, user-generated third-party content that could inject instructions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runtime fetches external configuration files from https://kubesearch.dev and raw GitHub URLs (e.g., https://raw.githubusercontent.com/////helmrelease.yaml and github.com blob links) and injects their contents into prompts to drive the agent's output, meaning remote content can directly control instructions at runtime.