argocd-expert

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt includes examples that retrieve secrets (kubectl get secret ...) and then pass them verbatim on the command line (argocd login --password , argocd repo add ... --password mytoken), which requires embedding secret values directly and is a high-risk exfiltration pattern.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions explicitly fetch and consume public GitHub content (e.g., "kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml" and numerous repoURL/ApplicationSet git generator examples like "https://github.com/myorg/myapp" and "argocd repo add ..."), meaning ArgoCD will read/interpret third‑party repository content that can materially influence deployments and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill contains explicit runtime commands that fetch and execute remote manifests (e.g., "kubectl apply -n argocd -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml" and the HA install.yaml) and ArgoCD Application resources that point ArgoCD to external git repositories (e.g., https://github.com/myorg/myapp) which the controller will fetch and apply, so these URLs are runtime dependencies that cause execution of remote content.