setup-local-kubernetes
Warn
Audited by Snyk on Feb 27, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). This skill's required procedure instructs fetching and executing public third-party content (e.g., curl | bash from https://raw.githubusercontent.com, kubectl apply -f https://github.com/.../deploy.yaml, downloads from https://storage.googleapis.com and dl.k8s.io) as part of the core setup steps, which clearly ingests untrusted web-hosted content that can materially change actions/environment.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime installer downloads that execute remote code (high-confidence examples: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | bash and curl -fsSL https://raw.githubusercontent.com/tilt-dev/tilt/master/scripts/install.sh | bash), and it relies on those external installers/binaries (also fetched from kind.sigs.k8s.io, storage.googleapis.com/minikube, dl.k8s.io, etc.) as required dependencies.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). This skill explicitly instructs installing binaries with sudo into system paths, editing /etc/hosts via sudo, creating and managing Docker containers/networks, and running system-level cleanup (docker system prune), all of which require elevated privileges and modify the host system state.
Audit Metadata