skills/jeremylongshore/claude-code-plugins-plus-skills/creating-kubernetes-deployments/Snyk

creating-kubernetes-deployments

Fail

Audited by Snyk on Mar 12, 2026

Risk Level: HIGH

Full Analysis

HIGH W007: Insecure credential handling detected in skill instructions.

Insecure credential handling detected (high risk: 1.00). The prompt includes explicit Kubernetes Secret examples (base64-encoded values and an 'echo -n "api-key-here" | base64' example) and instructs creating Secrets with sensitive data, which would require the LLM to embed secret values verbatim into generated manifests.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

Potentially malicious external URL detected (high risk: 0.90). The skill instructs users at runtime to apply a remote manifest from https://github.com/cert-manager/cert-manager/releases/download/v1.14.0/cert-manager.yaml (kubectl apply -f ...), which fetches and executes remote configuration/code and is relied on as a dependency for TLS/cert-manager—creating a high-confidence runtime risk.

Issues (2)

W007

HIGH

Insecure credential handling detected in skill instructions.

W012

MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata

Risk Level

HIGH

Analyzed

Mar 12, 2026, 05:28 PM

Issues

2