sealos-deploy

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's required pipeline explicitly clones and reads arbitrary GitHub repositories (Phase 1: "Clone repo... read README") and queries public registries and README/CI files (Phase 2: Docker Hub / GHCR / README / .github/workflows scans) and uses those untrusted inputs to decide build/push/template generation and to run tools (builds, kubectl, deploy), so third‑party content can materially influence actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime commands that fetch and execute remote code — e.g., cloning a user-supplied GitHub repo via git clone "https://github.com/owner/repo" (fetched source is later built/run) and an explicit install command curl -fsSL https://get.docker.com | sh to install Docker — both clearly pull external content at runtime that can execute code, so this is high-risk.