helm-chart-scaffolding

Warn

Audited by Snyk on Feb 16, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.70). The skill instructs adding and fetching Helm charts from public repositories (e.g., Chart.yaml dependencies pointing to https://charts.bitnami.com/bitnami and commands like helm repo add https://charts.example.com / helm dependency update), which causes the agent/tooling to ingest untrusted third‑party chart content.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.70). The Chart.yaml lists required chart dependencies retrieved at runtime (e.g., via "helm dependency update" / helm install) from https://charts.bitnami.com/bitnami, which will download remote chart templates (potentially including hooks/jobs) that can create/execute resources in-cluster, and the skill relies on those external charts as required dependencies.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 16, 2026, 12:37 PM