kubeadm-init

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The SKILL.md Post-Init Steps explicitly instruct running kubectl apply -f against public URLs (e.g., https://raw.githubusercontent.com/flannel-io/... and https://docs.projectcalico.org/manifests/calico.yaml), which causes the workflow to fetch and execute untrusted third-party manifests that can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The post-init instructions run kubectl apply -f against remote manifests (https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml and https://docs.projectcalico.org/manifests/calico.yaml), which fetches and executes remote Kubernetes resource definitions at runtime and are marked as required for the addon phase.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt directs the agent to run kubeadm, systemctl, iptables, and file operations (e.g., rm -rf /etc/kubernetes, edit /etc/kubernetes/manifests, copy/chown /etc/kubernetes/admin.conf) that require root and modify system-level files/services, so it clearly pushes changing the machine state.