import-from-helm
Use when the user wants to bring a Helm chart under ConfigHub management — phrases like "install cert-manager from Helm", "I have a Helm chart, how do I use it with ConfigHub?", "render this chart into ConfigHub", "cub helm install", "upgrade to the new chart version", "how do I customize a chart without losing changes on upgrade?", or "deploy nginx/prometheus/traefik via Helm through ConfigHub". Runs `cub helm install` / `cub helm upgrade` / `cub helm template`, follows the clone-based customization pattern so upgrades preserve user edits, splits CRDs into their own Unit, and hands off applying to `cub-apply`. Do not load for ArgoCD Application or Flux HelmRelease discovery (use `import-from-argocd` / `import-from-flux` — those insert ConfigHub into an existing GitOps pipeline), for adopting already-deployed live resources (use `import-from-cluster`), or for authoring raw Kubernetes YAML with no chart (use `config-as-data`).
89
88%
Does it follow best practices?
Impact
Pending
No eval scenarios have been run
Advisory
Suggest reviewing before use
Security
1 medium severity finding. This skill can be installed but you should review these findings before use.
W011: Third-party content exposure detected (indirect prompt injection risk)
What this means
The skill exposes the agent to untrusted, user-generated content from public third-party sources, creating a risk of indirect prompt injection. This includes browsing arbitrary URLs, reading social media posts or forum comments, and analyzing content from unknown websites.
Why it was flagged
Third-party content exposure detected (high risk: 0.80). This skill explicitly shells out to Helm and requires adding/searching remote chart repositories (helm repo add / helm repo update / helm search repo) and running cub helm install/upgrade to render charts from public Helm repos (e.g., jetstack/bitnami/prometheus-community), so it ingests untrusted third‑party chart content that can influence subsequent tool actions.
- Repository
- confighub/confighub-skills
- Commit
59ea831
- Audited
- Security analysis
Is this your skill?
If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.