write-helm-chart

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The prompt includes an explicit example that passes credentials on the command line (helm registry login -u $USER -p $PASS), which encourages embedding secrets in command arguments (an insecure/exfiltration-prone pattern) even though placeholders are used.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). This skill's required procedure instructs adding and installing charts from external chart repositories (e.g., "helm repo add myrepo https://charts.example.com" and "helm install my-app myrepo/my-app") and references remote chart content (including NOTES.txt and helm hooks) which are untrusted, user-provided package contents that the agent would read/interpret and that can materially influence actions (templates/hooks can run jobs or change installs) — see Step 6 (Publish to Chart Repository) and the hooks/NOTES.txt examples in references/EXAMPLES.md.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs users to run a remote installer that pipes code to the shell (curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash), which fetches and executes external code at runtime and Helm is required for the skill to operate.