use-k3sup

Warn

Audited by Snyk on Mar 7, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required "Tool installation strategy" explicitly instructs fetching and executing third-party installer code ("curl -SLs https://get.arkade.dev | bash") and uses commands like "k3sup get pro" which download binaries from the public web, so it clearly ingests untrusted public content that can change runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill instructs the operator to run "curl -SLs https://get.arkade.dev | bash", which fetches and executes remote code from https://get.arkade.dev at runtime and is presented as the preferred installation path for required tooling, so this is a direct remote-code execution dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill explicitly instructs using sudo (including "curl ... | sudo bash"), installing binaries into system locations (/usr/local/bin), and running privileged commands with passwordless sudo, which directs the agent to perform privileged system modifications on the host.
Audit Metadata

Risk Level: MEDIUM
Analyzed: Mar 7, 2026, 12:37 PM