kubernetes-specialist

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly requires producing "complete Kubernetes manifests" including "Secrets" (and notes that Kubernetes Secrets are base64-encoded and not encrypted by default), which would force the model to embed secret values verbatim in outputs unless placeholders or external secret mechanisms are strictly used — creating an exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill includes explicit commands to fetch and apply public manifests from untrusted third-party sources (e.g., kubectl apply -f https://raw.githubusercontent.com/... and kubectl apply -k github.com/fluxcd/flagger//kustomize/istio), which the agent would retrieve and interpret as part of installing operators/components.