catlass-operator-code-gen

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The skill's required workflow explicitly instructs the agent to fetch and read external project code and headers (e.g., "git clone https://gitcode.com/cann/catlass.git catlass" in references/op_kernel/kernel-rules.md and "Agent 必做：先枚举再读声明" in references/example/golden.md) and to use catlass/examples and CANN_ROOT headers as implementation/golden references, which are untrusted third‑party sources that can materially influence generation and tool actions.