gitops-workflow

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill instructs ArgoCD/Flux to pull manifests from arbitrary public Git repositories (e.g., the repoURL fields like https://github.com/org/my-app and the GitRepository CR) and includes commands that fetch manifests from raw.githubusercontent.com/argoproj and fluxcd.io, meaning the agent/automation will ingest and interpret untrusted, user-controlled third‑party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill includes a "curl ... | sudo bash" installation step which explicitly asks for elevated (sudo) privileges to run a remote script, so it instructs obtaining root-level changes on the host.