flux-operator

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill reads and interprets external, user-provided content such as GitRepository and Kustomization status/messages via kubectl (e.g., kubectl get gitrepository, kubectl get kustomization) and promotes installing an MCP server whose tools (get_kubernetes_resources, get_kubernetes_logs, search_flux_docs) will pull data from arbitrary Git repositories and public Flux docs, thereby exposing the agent to untrusted third-party/user-generated content.