ascend-inference-repos-copilot

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md) requires using DeepWiki MCP calls (e.g., mcp__deepwiki__ask_question, mcp__deepwiki__read_wiki_contents) to fetch and base responses on content from public open-source repositories such as vllm-project/vllm and verylucky01/*, which are untrusted third-party sources that the agent will read and act upon.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.80). The skill explicitly performs runtime deepwiki queries (e.g., mcp__deepwiki__ask_question(repoName="vllm-project/vllm", ...)) which fetch external repository content such as vllm-project/vllm and vllm-project/vllm-ascend that are injected into the agent's context and directly control prompts, so those repo references are flagged.