cann-nnal-installer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill explicitly instructs fetching installers from the public Hiascend download site (https://www.hiascend.com/developer/download/...) and pulling/inspecting official CANN Docker images from quay.io, then sourcing and modifying scripts (set_env.sh) from those third‑party artifacts so their contents can influence environment variables and subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill instructs fetching and running remote installer packages from https://www.hiascend.com/developer/download/community/result?module=cann (and related hiascend download URLs) and/or pulling the Docker image quay.io/ascend/cann:9.0.0-beta.2-910-openeuler24.03-py3.11 at runtime, then executing/copying and sourcing scripts (e.g., .run installers and set_env.sh) from that external content, which constitutes executing remote code fetched during runtime.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.90). This skill instructs installing system-wide software into /usr/local, modifying installation scripts and shell startup files, and running commands (chmod, sed, running installers, docker operations) that will change the machine state and typically require elevated privileges, so it can compromise the host.