gitops-pipeline-developer
Warn
Audited by Snyk on Apr 28, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs the agent to read and extend repository files (e.g., "Discover the existing setup" / "Read the existing pipeline") and to clone or fetch external git repos (cfg.chartRepo, shared library install) and runtime artifacts (setupTools downloads binaries/install scripts from GitHub), so untrusted user-generated repo content and remote scripts are ingested and can change pipeline behavior and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The pipeline's setupTools stage fetches and installs remote executables/scripts at runtime—e.g. curl -fsSL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh, curl -fsSL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh, curl -fsSL -o /usr/local/bin/cosign https://github.com/sigstore/cosign/releases/latest/download/cosign-linux-amd64 and the sonar-scanner ZIP from https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-5.0.1.3006-linux.zip—which are downloaded and executed during the skill run and are required for the pipeline stages.
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata