container-security
Fail
Audited by Snyk on Mar 29, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 0.80). The prompt includes an explicit example passing credentials on the command line (--username / --password) which is an insecure pattern that can lead an agent to request and embed secrets verbatim in generated commands, so it risks secret exfiltration.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.70). This skill's required workflow explicitly imports public images from Docker Hub via "az acr import --source docker.io/..." and includes downloading binaries via curl from GitHub and parsing Trivy JSON scan results, so it ingests untrusted, user-controlled third-party content (Docker Hub/GitHub/scan outputs) that can materially influence scanning and remediation actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's Dockerfile examples perform runtime downloads and execution of remote binaries (e.g., GitHub release URLs like https://github.com/org/tool/releases/download/${TOOL_VERSION}/tool_linux_amd64.tar.gz and the shown k9s/argocd/yq/kustomize release URLs), which are fetched during image build and directly execute code, making them risky external runtime dependencies.
Issues (3)
- W007 (HIGH): Insecure credential handling detected in skill instructions.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).