kubeadm-troubleshooting

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). Flagged because the troubleshooting steps explicitly instruct fetching and applying a public raw GitHub manifest (e.g., "kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/.../kube-flannel.yml" in the Node NotReady/CoreDNS sections), which causes the agent/runner to ingest and act on untrusted third-party content that can materially change behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill directs runtime fetching and execution of remote Kubernetes manifests via "kubectl apply -f https://raw.githubusercontent.com/flannel-io/flannel/master/Documentation/kube-flannel.yml", which causes externally-hosted content to be executed in the cluster and is relied upon as a remediation step.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill includes explicit, destructive system commands (rm -rf on system dirs, kubeadm reset, iptables flush, disabling firewalld, restarting system services, certificate regeneration) that require root/sudo and modify or destroy machine state, so it does push the agent to compromise the host.