implement-gitops-workflow

Warn

Audited by Snyk on Feb 27, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs adding and syncing from public Git repositories (e.g., "argocd repo add https://github.com/USERNAME/gitops-repo" and applying manifests fetched from raw.githubusercontent.com) and configures Argo CD, Image Updater and Rollouts to read and act on that repository and registry content, so untrusted, user-generated third-party content can be ingested and materially influence the tool's behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).


MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt explicitly includes commands that require sudo (e.g., "sudo install -m 555 ... /usr/local/bin/argocd"), which write to system directories, and it also instructs privileged Kubernetes cluster-admin operations; the skill therefore drives actions that change host and cluster state and require elevated rights.
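The two findings above (W011 and W013) share a root cause: the skill pulls content from mutable, externally controlled locations (a branch or HEAD of a public repo, a "latest" binary download) and acts on it with elevated rights. The script below is an added example written for this page; it is not Snyk's code and not part of the audited skill. It shows the two guardrails a practitioner would put in front of those steps: rejecting an Argo CD Application whose source is not an allowlisted repository pinned to a full commit SHA, and refusing to `install` a downloaded argocd binary whose SHA-256 does not match a pinned value. The host allowlist, the commit SHA, and the two Application manifests are constructed for the example; the checksum value used in the comments is that of the string "hello\n" and stands in for a real release hash.

```shell
#!/usr/bin/env bash
# Added example for the findings above; not code from the audited skill or from Snyk.
set -eu

# Hypothetical allowlist of repository prefixes an Application may sync from.
# Replace with your organisation's own; anything else (e.g. github.com/USERNAME/...) is rejected.
ALLOWED_REPO_HOSTS="github.com/example-org/ gitlab.example.internal/"

# check_app_source: read an Argo CD Application manifest on stdin and return 0 only if
# spec.source.repoURL starts with an allowlisted prefix AND targetRevision is a full
# 40-hex commit SHA. A branch name, tag or HEAD is mutable: whoever can push to it
# controls what the cluster applies, which is exactly the W011 exposure.
check_app_source() {
  manifest=$(cat)
  repo=$(printf '%s\n' "$manifest" | awk '$1=="repoURL:"{print $2; exit}' | tr -d "\"'")
  rev=$(printf '%s\n' "$manifest" | awk '$1=="targetRevision:"{print $2; exit}' | tr -d "\"'")

  host_ok=1
  for prefix in $ALLOWED_REPO_HOSTS; do
    case "$repo" in
      "https://$prefix"*) host_ok=0 ;;
    esac
  done
  if [ "$host_ok" -ne 0 ]; then
    echo "reject: repoURL not on allowlist: ${repo:-<missing>}" >&2
    return 1
  fi
  if ! printf '%s' "$rev" | grep -Eq '^[0-9a-f]{40}$'; then
    echo "reject: targetRevision is mutable, pin a commit SHA: ${rev:-<missing>}" >&2
    return 1
  fi
  return 0
}

# verify_checksum FILE EXPECTED_SHA256: return 0 only if FILE hashes to EXPECTED_SHA256.
verify_checksum() {
  file=$1; expected=$2
  if command -v sha256sum >/dev/null 2>&1; then
    actual=$(sha256sum "$file" | cut -d' ' -f1)
  else
    actual=$(shasum -a 256 "$file" | cut -d' ' -f1)
  fi
  [ "$actual" = "$expected" ]
}

# install_verified FILE EXPECTED_SHA256 DEST: the hardened form of the skill's
# "sudo install -m 555 ... /usr/local/bin/argocd" step (W013). The binary is only
# installed if its hash matches a value you pinned in advance; run under sudo yourself
# when DEST is a system directory.
install_verified() {
  file=$1; expected=$2; dest=$3
  if ! verify_checksum "$file" "$expected"; then
    echo "refusing to install $file: checksum mismatch" >&2
    return 1
  fi
  install -m 555 "$file" "$dest"
}

# Constructed manifests for demonstration. The first mirrors the skill's own example
# source (public repo, HEAD); the second is what a reviewer would accept.
UNPINNED_APP='apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gitops-demo
spec:
  source:
    repoURL: https://github.com/USERNAME/gitops-repo
    targetRevision: HEAD
    path: manifests
'
PINNED_APP='apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: gitops-demo
spec:
  source:
    repoURL: https://github.com/example-org/gitops-repo
    targetRevision: 3b2f0c7e9d1a4f6b8c0d2e4f6a8b0c2d4e6f8a0b
    path: manifests
'

# Usage:
#   printf '%s' "$UNPINNED_APP" | check_app_source   # fails: unlisted host, HEAD
#   printf '%s' "$PINNED_APP"   | check_app_source   # passes
#   install_verified ./argocd-linux-amd64 "$PINNED_SHA256" /usr/local/bin/argocd
```

Pinning to a SHA does not by itself stop a compromised upstream; it only makes the ingested content fixed and reviewable. Pair it with Argo CD AppProject `sourceRepos` restrictions so the allowlist is enforced server-side rather than only in a pre-commit check like this one.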
Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 27, 2026, 10:52 PM