external-gitcode-ascend-npu-adapter-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's Stage 1 "获取源代码" explicitly instructs cloning arbitrary GitHub links (git clone <repo_url>) and then analyzing that repository, meaning the agent fetches and interprets untrusted public/user-generated code which directly influences its analysis, adaptations, and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's precondition includes downloading and running an external installer that would execute remote code — wget https://ascend-repo.obs.cn-east-2.myhuaweicloud.com/CANN/7.0/Ascend-cann-toolkit_7.0.RC1_linux-x86_64.run followed by bash, which is a runtime fetch of executable code the skill depends on.