manage-kubernetes-secrets
Fail
Audited by Snyk on Feb 27, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt includes literal plaintext secrets and CLI commands that embed and decode secret values (e.g., --from-literal=password='sup3rs3cr3t!', aws secretsmanager --secret-string with "dbpass123", and commands to base64-decode secret data), which requires handling or reproducing secrets verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's required procedure instructs fetching and applying manifests and charts from public third-party URLs (e.g., kubectl apply -f https://github.com/bitnami-labs/sealed-secrets/releases/..., helm repo add https://charts.external-secrets.io, kubectl apply -f https://raw.githubusercontent.com/...) so the agent would ingest untrusted, user-hosted manifests and chart content that can materially change tool behavior and cluster state.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly fetches and applies remote manifests and binaries at runtime (for example: https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.0/controller.yaml, https://github.com/bitnami-labs/sealed-secrets/releases/download/v0.24.0/kubeseal-0.24.0-linux-amd64.tar.gz, https://github.com/cert-manager/cert-manager/releases/download/v1.13.0/cert-manager.yaml, https://raw.githubusercontent.com/stakater/Reloader/master/deployments/kubernetes/reloader.yaml), which will execute remote code/configuration in the cluster and are required by the procedure.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill instructs performing host- and cluster-level privileged actions (editing kube-apiserver flags, accessing etcd, installing binaries with sudo, and other admin operations) that modify system/service state and require elevated privileges, so it can compromise the machine the agent runs on.