eks

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly instructs the agent to read Kubernetes-secret values (e.g., DATABASE_PASSWORD, REDIS_PASSWORD, SMTP_PASSWORD) and inject them into CLI commands (e.g., --master-user-password, --auth-token, kubectl patch), which requires the agent to handle and embed secret values directly—an insecure exfiltration risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs the agent to fetch and execute public third-party content (e.g., "kubectl apply -f https://github.com/cert-manager/.../cert-manager.yaml" in Phase 4b and many commands in refs/eks-deployment.md, plus adding/using public Helm repos like https://kubernetes.github.io/ingress-nginx and https://helm.phase.dev), meaning the agent autonomously ingests untrusted web-hosted YAML/charts that can materially alter actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill runs the command "kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.17.2/cert-manager.yaml" at runtime, which fetches and applies a remote Kubernetes manifest (executing remote code/configuration) that the deployment depends on, so this URL is a runtime external dependency that can directly control execution.