deploy-ml-model-serving
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required workflow instructs fetching and applying manifests from public URLs (e.g., "kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml" and the Seldon Helm chart repo at https://storage.googleapis.com/seldon-charts), which are untrusted third-party resources that the agent would ingest and that can materially change runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill explicitly runs runtime commands that fetch and install remote code/manifests, e.g., "helm install seldon-core ... --repo https://storage.googleapis.com/seldon-charts" and "kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml". These commands execute remotely hosted charts/manifests and are required by the Seldon/autoscaling steps, so they introduce a remote-code execution dependency.