ascend-model-migration
Warn
Audited by Snyk on Apr 21, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's workflow (SKILL.md and model-migration/ and ascend-mmlab-install-suite/SKILL.md) explicitly instructs the agent to git clone open-source repositories from public sites (e.g., https://gitcode.com/Ascend/DrivingSDK and https://github.com/...), apply patches, and run their scripts on the target server—i.e., it fetches and executes untrusted, user-generated third‑party code that can materially affect tool use and next actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly performs runtime clones/installs of remote repos (e.g. git clone https://gitcode.com/Ascend/DrivingSDK, git clone -b 1.x https://github.com/open-mmlab/mmcv.git, git clone https://github.com/fundamentalvision/BEVFormer.git and pip install git+https://github.com/facebookresearch/detectron2.git), and those fetched repositories are then built/installed or used to run training scripts (python setup.py / pip install / bash train scripts), meaning the external content is fetched at runtime, executed, and required by the workflow.
Issues (2)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).