msmodelslim-quant

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly recommends using sshpass with a -p 'password' argument (and similar non-interactive patterns), which instructs embedding plaintext credentials in commands and therefore requires handling/outputting secrets verbatim.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly clones a public repo (scripts/msmodelslim-setup.sh clones https://gitcode.com/Ascend/msmodelslim) and then reads and interprets model README/config files (scripts/env-check.sh, scripts/quant-queries.sh and templates/env-checklist.md) to determine installs, environment variables, and quant commands, so untrusted third‑party content can directly influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). High-confidence: the msmodelslim-setup.sh script runs at runtime and performs git clone https://gitcode.com/Ascend/msmodelslim.git followed by bash install.sh, which fetches remote code and executes it as a required dependency.