implementing-image-provenance-verification-with-cosign

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt includes an example that injects an OIDC identity token directly into a CLI argument (--identity-token=$(cat /var/run/sigstore/cosign/oidc-token)), which is an instruction to include a secret value in a command and matches the insecure pattern of passing secrets as command-line arguments.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's scripts (scripts/agent.py and scripts/process.py) and SKILL.md explicitly run cosign verify / verify-attestation and Rekor/Fulcio/registry commands that fetch and parse signatures/attestations from public container registries and the Rekor transparency log (untrusted, user-supplied content), and those parsed results are used to make audit decisions and generate policies/workflows.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (medium risk: 0.60). The prompt includes explicit sudo installation steps (sudo mv/chmod) and cluster/helm installations that require elevated privileges and modify system or cluster state, so it encourages actions that could change the machine's state.