skills/wshobson/agents/gitops-workflow/Snyk

gitops-workflow

Warn

Audited by Snyk on Feb 17, 2026

Risk Level: MEDIUM

Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

Third-party content exposure detected (high risk: 1.00). The skill instructs fetching and using manifests from public GitHub/raw.githubusercontent.com and points ArgoCD/Flux at public Git repositories (e.g., kubectl apply -f https://raw.githubusercontent.com/argoproj/argo-cd/stable/manifests/install.yaml and repoURL: https://github.com/org/gitops-repo), so the agent/agents will pull and interpret untrusted, user-controlled third-party content.

MEDIUM W013: Attempt to modify system services in skill instructions.

Attempt to modify system services in skill instructions detected (high risk: 1.00). Flagged because the skill explicitly includes a "curl ... | sudo bash" install command that asks the agent to obtain sudo privileges and modify system-level files on the host.

Audit Metadata

Risk Level

MEDIUM

Analyzed

Feb 17, 2026, 10:18 PM