vllm-ascend-server

Warn

Audited by Snyk on Apr 18, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). The skill's required launch templates and workflow repeatedly run vllm serve with the --trust-remote-code flag (e.g., SKILL.md, references/launch-templates/) and reference external model repositories (hf_path entries in references/model_configs/.yaml) and public container images (e.g., quay.io in workflow examples). This means the server will load and execute untrusted, user-provided third-party model and code artifacts that can materially change server behavior and the responses consumed by the agent.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (medium risk: 0.40). The skill instructs the agent to run and manage system-level commands (starting services, running docker, killing processes, mounting host directories) that modify machine state, but it does not ask for privilege escalation, for editing system configuration files that require sudo, or for creating user accounts.

Issues (2)

  • W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
  • W013 (MEDIUM): Attempt to modify system services in skill instructions.

Audit Metadata

  • Risk Level: MEDIUM
  • Analyzed: Apr 18, 2026, 03:05 AM
  • Issues: 2
Security Audit — snyk — vllm-ascend-server