helm-chart-scaffolding

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.70). This skill's implementation playbook and Chart.yaml explicitly reference and instruct fetching from public chart repositories (e.g., "https://charts.bitnami.com/bitnami", "helm dependency update", "helm repo add https://charts.example.com") so the agent's workflow involves downloading and processing third‑party Helm charts (including NOTES.txt and hooks) from open/public sources that could contain untrusted, instruction-like content that affects subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill declares chart dependencies hosted at https://charts.bitnami.com/bitnami which are fetched at runtime by helm (e.g., via helm dependency update / helm install) and those remote charts/templates/hooks can execute code in the target environment, so this is a runtime external dependency that can execute remote code.