k8s-cluster-api
Warn
Audited by Snyk on Mar 9, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required workflow includes fetching and applying remote, user-provided manifests. For example, SKILL.md Quick Start and references/clusterctl.md show commands such as curl https://github.com/.../clusterctl, clusterctl generate --from https://github.com/.../template.yaml and clusterctl generate yaml --from https://example.com/template.yaml, whose output is then piped to kubectl apply. Untrusted public content would therefore be fetched and acted on, and could materially influence tool behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime commands that fetch and execute remote artifacts (for example, installing clusterctl via curl from https://github.com/kubernetes-sigs/cluster-api/releases/download/v1.12.0/clusterctl-linux-amd64 which downloads an executable and runs it), satisfying the criteria for a risky external dependency.