external-gitcode-ascend-catlass-operator-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). SKILL.md Step 1.2 explicitly requires cloning the public repository "https://gitcode.com/cann/catlass.git" and later phases (Phase 2–6) read catlass/examples and design.md from that repo and use them to drive codegen, compilation, tests and reports, so untrusted third‑party content can materially influence agent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly requires running "git clone https://gitcode.com/cann/catlass.git catlass" at runtime to fetch the catlass source (catlass/include, catlass/examples), which is a required dependency used to drive code generation and is later compiled/executed, so the fetched remote content can directly influence agent behavior and execute code.