rke2-deployment

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt instructs reading the server node-token and pasting it verbatim into agent/server config files (token: ), which requires handling and embedding a secret value directly.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's installation and lab workflows explicitly fetch and execute a remote installer from a public third-party URL (curl -sfL https://get.rke2.io | ... and curl -sfL https://get.rke2.io --output install.sh), meaning the agent is instructed to ingest and act on external web-hosted code that can alter behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly downloads and executes a remote installer from https://get.rke2.io (e.g., curl -sfL https://get.rke2.io --output install.sh and curl -sfL https://get.rke2.io | ... sh -) at runtime, which fetches and runs remote code required for installation.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The prompt explicitly instructs running installer scripts and system-level commands that create/modify files in /etc and /var, create symlinks in /usr/local/bin, enable/start systemd services, and run uninstall rm -rf — all actions that require root/sudo and modify the machine state.