kargo-skill

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes patterns that require embedding secret values verbatim (e.g., CLI flags like --password, YAML stringData secrets, Authorization: "Bearer ${{ secrets.apiToken }}", and direct secret(...) expressions), which would force an agent to insert real secret tokens into generated commands/manifests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill clearly ingests and interprets untrusted third‑party content — e.g., git-clone/git-push and commitFrom("https://github.com/...") for Git repos, imageFrom("public.ecr.aws/...") for public registries, chartFrom("https://charts.example.com"), and http-download/http steps that fetch arbitrary URLs — so the agent reads user-generated/open web content as part of its workflow.