k8s-kubevirt
Fail
Audited by Snyk on Feb 16, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill includes a cloud-init manifest embedding a plaintext password ("password: fedora"), which requires the agent to output a secret/password verbatim in generated manifests and is therefore insecure.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.70). The skill manifest includes a DataVolume with source.http.url=https://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2 which is fetched at runtime and supplies a VM disk image that will be executed when the VM boots, and the skill depends on that external content to create the VM.