> But if you can manipulate my helm chart why can you not also place the malicious code in the helm directory?

If you can manipulate my helm chart, why not just do the RCE directly in my kubernetes cluster or whatever?