argocd-cluster-bootstrapping

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's required workflow and templates (e.g., SKILL.md, references/workflow.md, references/tools.md and references/templates/applicationset-cluster-generator.yaml) explicitly instruct ArgoCD/helm to fetch manifests and values from public repoURLs (for example https://kubernetes.github.io/ingress-nginx and various GitHub/Helm repo URLs), meaning untrusted third‑party repository content is ingested at runtime and can change deployment behavior—so it clearly exposes the agent to indirect prompt-injection via those external sources.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's ApplicationSet and project templates reference external Git/Helm repositories that ArgoCD will fetch at runtime (e.g., https://github.com/org/argo-cd-helm-values.git, https://github.com/org/infra-team.git, https://kubernetes.github.io/ingress-nginx, https://charts.bitnami.com/bitnami), and those fetched manifests/values are executed/applied to clusters so remote content directly controls runtime behavior and is a required dependency.