kubernetes-orchestration
Warn
Audited by Snyk on Feb 15, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill includes runtime examples that fetch and ingest public third-party content: the "init-demo" Pod has an initContainer that runs wget against http://info.cern.ch, another initContainer curls https://config.example.com/api/config, and a Deployment initContainer clones https://github.com/example/app.git. Content pulled this way is untrusted, so an agent that reads it could be exposed to indirect prompt injections carried in that content.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The Deployment initContainer runs git clone of https://github.com/example/app.git at run time, and subsequent init containers run npm install and build on the result, so code fetched from a remote repository is built and executed as a required runtime dependency.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill contains Kubernetes manifests and kubectl commands that can modify cluster and node state (for example ClusterRoleBindings, hostPath mounts, hostPID/hostNetwork, and kubectl taint or kubectl debug node), which could enable privileged or host-level changes; it does not, however, instruct the agent to obtain sudo, edit host system files, or create OS user accounts on the agent machine itself.
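The three findings above describe manifest-level patterns that can be checked mechanically before a skill's examples are applied to a cluster. The following is an added example written for this page, not tooling from Snyk or from the audited skill: a small Python linter that takes Kubernetes objects in their JSON form (what `kubectl get -o json` or `yaml.safe_load` returns) and flags run-time fetches in container commands (W011/W012, including a `git clone` with no pinned ref), host-level pod settings (W013: hostPID, hostNetwork, hostIPC, hostPath volumes, privileged containers) and ClusterRoleBindings that grant cluster-admin. The sample objects are constructed for the example and only borrow the names mentioned in the findings; the kubectl taint and kubectl debug commands that W013 mentions are imperative and are not covered by a manifest check.

```python
"""Static checks for the manifest patterns behind W011, W012 and W013.

Input: Kubernetes objects as Python dicts, i.e. the JSON form returned by
`kubectl get <kind> -o json` or by yaml.safe_load() on a manifest file.
All sample objects below are constructed for this example; their names only
mirror the audit findings (init-demo, example/app.git).
"""
import re
from typing import Iterable, List, Optional, Tuple

# Commands that pull remote content into a container while it starts.
FETCH_RE = re.compile(r"\b(wget|curl|git\s+clone|npm\s+install|pip\s+install)\b")
URL_RE = re.compile(r"https?://[^\s'\"]+")
# A clone counts as pinned if it names a branch/tag or checks out a commit hash.
PIN_RE = re.compile(r"(?:--branch|-b)\s+\S+|checkout\s+[0-9a-f]{7,40}")
TEMPLATED_KINDS = ("Deployment", "StatefulSet", "DaemonSet", "Job", "ReplicaSet")


def _name(obj: dict) -> str:
    return f"{obj.get('kind')}/{obj.get('metadata', {}).get('name', '?')}"


def _pod_spec(obj: dict) -> Optional[dict]:
    """Return the PodSpec of a Pod or of a workload's pod template, else None."""
    if obj.get("kind") == "Pod":
        return obj.get("spec", {})
    if obj.get("kind") in TEMPLATED_KINDS:
        return obj.get("spec", {}).get("template", {}).get("spec", {})
    return None


def _containers(spec: dict) -> Iterable[Tuple[str, dict]]:
    for c in spec.get("initContainers", []):
        yield "initContainer", c
    for c in spec.get("containers", []):
        yield "container", c


def check_runtime_fetches(obj: dict) -> List[str]:
    """W011/W012: containers that download or clone remote content at start-up."""
    findings: List[str] = []
    spec = _pod_spec(obj)
    if spec is None:
        return findings
    for role, c in _containers(spec):
        argv = " ".join(c.get("command", []) + c.get("args", []))  # covers `sh -c "..."` too
        m = FETCH_RE.search(argv)
        if not m:
            continue
        where = f"{_name(obj)} {role} {c.get('name')}"
        urls = URL_RE.findall(argv)
        if not urls:  # e.g. bare `npm install`: pulls from the default registry
            findings.append(f"{where}: runs '{m.group(0)}' with no explicit source (implicit remote fetch)")
            continue
        for url in urls:
            note = "fetches over plaintext http from" if url.startswith("http://") else "fetches at run time from"
            msg = f"{where}: {note} {url}"
            if "clone" in m.group(0) and not PIN_RE.search(argv):
                msg += " (unpinned ref)"
            findings.append(msg)
    return findings


def check_host_access(obj: dict) -> List[str]:
    """W013: settings that reach the node instead of staying inside the pod sandbox."""
    findings: List[str] = []
    spec = _pod_spec(obj)
    if spec is None:
        return findings
    for flag in ("hostPID", "hostNetwork", "hostIPC"):
        if spec.get(flag):
            findings.append(f"{_name(obj)}: {flag}=true")
    for v in spec.get("volumes", []):
        if "hostPath" in v:
            findings.append(f"{_name(obj)}: hostPath volume mounts {v['hostPath'].get('path')}")
    for role, c in _containers(spec):
        if c.get("securityContext", {}).get("privileged"):
            findings.append(f"{_name(obj)} {role} {c.get('name')}: privileged=true")
    return findings


def check_cluster_admin_bindings(obj: dict) -> List[str]:
    """W013: ClusterRoleBindings that hand out cluster-admin."""
    if obj.get("kind") != "ClusterRoleBinding" or obj.get("roleRef", {}).get("name") != "cluster-admin":
        return []
    subjects = ", ".join(f"{s.get('kind')}:{s.get('name')}" for s in obj.get("subjects", []))
    return [f"{_name(obj)}: grants cluster-admin to {subjects}"]


def audit(objects: List[dict]) -> List[str]:
    """Run every check over every object and return the combined findings."""
    findings: List[str] = []
    for obj in objects:
        findings += check_runtime_fetches(obj) + check_host_access(obj) + check_cluster_admin_bindings(obj)
    return findings


# Constructed sample objects (not from the audited skill), one per finding class.
SAMPLE_OBJECTS = [
    {"kind": "Pod", "metadata": {"name": "init-demo"}, "spec": {
        "initContainers": [{"name": "install", "image": "busybox:1.36",
                            "command": ["wget", "-O", "/work-dir/index.html", "http://info.cern.ch"]}],
        "containers": [{"name": "nginx", "image": "nginx:1.25"}]}},
    {"kind": "Deployment", "metadata": {"name": "app"}, "spec": {"template": {"spec": {
        "initContainers": [
            {"name": "clone", "image": "alpine/git:2.43",
             "command": ["git", "clone", "https://github.com/example/app.git", "/src"]},
            {"name": "build", "image": "node:20", "command": ["npm", "install"]}],
        "containers": [{"name": "app", "image": "node:20"}]}}}},
    {"kind": "DaemonSet", "metadata": {"name": "node-agent"}, "spec": {"template": {"spec": {
        "hostPID": True, "hostNetwork": True,
        "volumes": [{"name": "root", "hostPath": {"path": "/"}}],
        "containers": [{"name": "agent", "image": "agent:1.0", "securityContext": {"privileged": True}}]}}}},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "skill-admin"},
     "roleRef": {"apiGroup": "rbac.authorization.k8s.io", "kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "default"}]},
    {"kind": "Deployment", "metadata": {"name": "web"},  # clean object: no findings expected
     "spec": {"template": {"spec": {"containers": [{"name": "web", "image": "web:1.0"}]}}}},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_OBJECTS):
        print(line)
```

Against live clusters the same functions take the `.items` list of `kubectl get pods,deployments,daemonsets,clusterrolebindings -A -o json`. Note the limits of the pin check: `--branch` only names a tag or branch, both of which can be moved, so a commit-hash checkout is the minimum, and building the application into an image pinned by digest, so that nothing is cloned or `npm install`ed at run time, is the stronger fix for the W012 pattern.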
Audit Metadata