ascend-opplugin

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Plan B (SKILL.md, section 2.3) explicitly instructs cloning and building the external op-plugin repository (git clone https://gitcode.com/ascend/op-plugin.git) and using its build/install artifacts, so the agent is expected to fetch and act on untrusted third‑party repository content that can materially affect subsequent tool usage and decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes a runtime git clone command that fetches and builds an external repo (https://gitcode.com/ascend/op-plugin.git), which would download and execute remote code as a required dependency when following Plan B.