volt-kubernetes

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly tells the agent to ask the user for sensitive values (docker username/password/email) and to place them into terraform.tfvars and into a Kubernetes secret resource, which would require the LLM to handle or emit those secret values verbatim (high exfiltration risk).

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's required workflow explicitly instructs the agent to check and consume public Helm chart metadata (e.g., "Always check for the newest version of the helm chart" and references the public repo URL https://voltdb-kubernetes-charts.storage.googleapis.com and commands like helm show values CHART), so the agent would fetch and interpret open third‑party content that can influence deployment decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The helm repository URL https://voltdb-kubernetes-charts.storage.googleapis.com is referenced in the helmfile configuration and will be fetched at deployment/runtime by helm/helmfile (via the terraform local-exec helmfile apply), pulling remote chart content that defines/executes Kubernetes manifests the deployment depends on.