aigw-install
Warn
Audited by Snyk on Mar 14, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). This skill's installation steps explicitly instruct fetching Helm values files from public GitHub raw URLs (e.g., https://raw.githubusercontent.com/envoyproxy/ai-gateway/main/manifests/envoy-gateway-values.yaml and addon YAMLs) which are third-party, publicly hosted content that the workflow ingests and that can materially change installation behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill runs helm/kubectl commands that fetch and apply remote charts/values at runtime (e.g., -f https://raw.githubusercontent.com/envoyproxy/ai-gateway/main/manifests/envoy-gateway-values.yaml and oci://docker.io/envoyproxy/ai-gateway-helm), so external content is required at runtime and will deploy/execute remote code in the cluster.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).