kubespray-lab-setup
Fail
Audited by Snyk on Feb 28, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The prompt embeds plaintext credentials (e.g., 'root:qwe123' and sshpass -p 'qwe123') in scripts and commands, which would require the model to handle or reproduce these secret values verbatim.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The required admin-lb.sh script (invoked by the Vagrant provisioning flow) directly fetches and installs code from public third-party sources (e.g., git clone https://github.com/kubernetes-sigs/kubespray.git, curl ...github.com/.../k9s...rpm, and piping https://raw.githubusercontent.com/helm/helm/... to bash), so untrusted remote content is ingested and executed and can alter runtime behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). Flagging https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 (curl ... | bash executed during admin-lb provisioning) and https://github.com/kubernetes-sigs/kubespray.git (cloned at runtime, after which its requirements are installed) because both URLs are fetched during the skill's provisioning, execute or install remote code, and are required dependencies for the setup to complete.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill contains provisioning scripts and instructions that edit system files (sshd_config, /etc/hosts, /etc/selinux/config, /etc/exports, sysctl configs, service enable/disable), install packages, set root passwords, disable SELinux and the firewall, and enable root SSH. These actions require root and actively weaken or change the machine's security posture, so the skill is flagged.