helm

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's instructions (SKILL.md and references/helm-chart-sources.md and references/container-versions.md) explicitly direct the agent to search and fetch chart metadata and values from public sources like Artifact Hub, chart Git repos, OCI/helm registries, and GitHub/NGC release pages — untrusted, user-maintained third-party content the agent must read to select versions and construct manifests that directly affect deployment behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The manifest explicitly documents a hosted-a2a-agent agent_card_url (e.g. https://research-agent.example.com/.well-known/agent.json) that is fetched at runtime and "can influence agent behavior," so this external URL is a runtime dependency that can control agent prompts/behavior.