external-gitcode-ascend-catlass-operator-code-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning/reading the public Catlass repository (e.g., "git clone https://gitcode.com/cann/catlass.git catlass" in references/op_kernel/kernel-rules.md) and repeatedly requires the agent to inspect catlass/examples and other external headers to select implementations and drive code-generation decisions, so untrusted third-party content can influence subsequent tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs at runtime to fetch the Catlass source via git clone (https://gitcode.com/cann/catlass.git), which is a required external dependency whose code will be compiled/executed as part of the operator build, so it can directly introduce remote executable code into the runtime.