external-gitcode-ascend-npu-model-migration

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly requires fetching and inspecting arbitrary public repositories and READMEs (e.g., "User provides model
• GitHub URL", "git clone ", and "README 是迁移工作的重要参考依据" in SKILL.md and references/README.md), so it ingests untrusted third‑party content that can change migration decisions and actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly instructs cloning and running remote code at runtime (e.g., "git clone -b " followed by pip install / python run.py), so external git repositories provided at runtime—such as the referenced https://github.com/FuxiCTR/AutoInt—would be fetched and executed, meeting the criteria for a runtime external dependency that executes remote code.