configure-api-gateway
Audited by Socket on Feb 27, 2026
1 alert found:
Malware
This skill document is coherent with its stated purpose: deploying and configuring API gateways (Kong/Traefik) in Kubernetes/Docker environments. I found no code or instructions that are clearly malicious (no exfiltration endpoints, no obfuscated payloads, no reverse shell or eval). The main security issues are supply-chain and operational: it recommends downloading and installing a CLI (decK) via curl/tar without integrity verification, uses privileged operations (sudo mv, kubectl apply) which are necessary but high-impact, and includes plaintext example credentials in configs. These are moderate supply-chain and operational risks rather than confirmed malware. Recommend adding integrity checks (SHA256 or signatures) for downloaded binaries and explicit guidance to use secure secret management (Kubernetes Secrets, sealed secrets, RBAC), and avoiding copying example credentials into production manifests.