profiling-analysis-communication

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's install workflow explicitly clones and installs the public msprof/mstt repository (e.g., scripts/detect_slow_rank.py calls "git clone https://gitee.com/ascend/mstt.git" and reference/slow-rank-detection.md shows "git clone https://gitcode.com/Ascend/mstt.git"), which fetches and executes third-party code whose outputs are then consumed to drive analysis and recommendations—meeting all criteria for untrusted third-party content that can change tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's runtime installer clones and builds the msprof tool from the external Git repository https://gitee.com/ascend/mstt.git and runs its setup/install steps (executing remote code), and msprof_analyze is a required dependency for the skill.