knative

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's install and helper scripts explicitly fetch and apply manifests from public GitHub URLs (e.g., kubectl apply -f "https://github.com/knative/.../serving-core.yaml") and link to public knative.dev/GitHub pages, so it ingests untrusted third‑party web content as part of its workflow.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit commands that use sudo to move a binary into /usr/local/bin (and otherwise instructs making system-level changes via kubectl and patching configmaps), which directs the agent to perform actions requiring elevated privileges and modify the host/cluster state.