mindspeed-mm-env-setup

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md Quick Start and One-Click Install Script explicitly instructs cloning and installing code and wheels from public third‑party repositories (e.g., gitcode.com/ascend/MindSpeed, gitcode.com/Ascend/MindSpeed-MM, https://github.com/NVIDIA/Megatron-LM and running scripts/install.sh), which causes the agent/operator to fetch and execute untrusted, user‑provided content that can materially alter subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly clones and installs code at runtime from external repositories (e.g., git clone https://gitcode.com/ascend/MindSpeed.git, https://gitcode.com/Ascend/MindSpeed-MM.git, https://github.com/NVIDIA/Megatron-LM.git and downloads wheels referenced at https://gitcode.com/Ascend/pytorch/releases), and those fetched repositories/scripts are then installed/executed (pip install -e ., bash scripts/install.sh), so they are runtime external dependencies that execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill explicitly instructs running system-modifying commands (system-wide pip installs, copying repos, killing processes) and a docker run with --privileged and host filesystem mounts (including /etc and /usr/local), which require elevated privileges and can alter or expose the host system, so it pushes actions that can compromise the machine state.