write-docs

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill instructs Claude to run kubectl apply -f https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml (Step 2 of Fresh Environment Setup), which fetches and executes an open/public GitHub-hosted YAML that the agent will read/apply as part of its workflow, exposing it to untrusted third-party content that can materially influence behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill runs kubectl apply against https://raw.githubusercontent.com/kubernetes/ingress-nginx/main/deploy/static/provider/kind/deploy.yaml at runtime, which fetches and executes remote Kubernetes manifests (remote code/config) that the workflow requires, so this is a high-risk external dependency.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.80). The skill explicitly instructs the agent to execute infrastructure bash commands that modify local system state (create/delete kind clusters, build/load Docker images, run kubectl/helm), so the agent would directly change the machine/environment even though it doesn't request sudo or create users.