k8s-cluster-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's instructions explicitly tell operators to fetch and apply external manifests/binaries (e.g., curl GitHub releases in Quick Start and clusterctl commands that use --from URLs and pull provider manifests from GitHub in references/clusterctl.md), so runtime workflows can ingest untrusted public URLs/templates which could contain instructions that change subsequent tool use.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The Quick Start includes a runtime curl+install that downloads and installs the clusterctl binary from https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.0/clusterctl-linux-amd64, which fetches and installs remote executable code that the skill relies on for its workflows.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The quickstart explicitly instructs using sudo to move the clusterctl binary into /usr/local/bin (and includes clusterctl init and other commands that change system/cluster state), which requires elevated privileges and modifies system-level files.