catlass-operator-dev

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill explicitly instructs cloning a public repo (Step 2: "git clone https://gitcode.com/cann/catlass.git catlass"), causing the agent to fetch and read untrusted third-party repository content that will be used as part of its workflow and could influence subsequent actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill explicitly runs "git clone https://gitcode.com/cann/catlass.git" at runtime to fetch the Catlass source which is a required dependency that will be compiled/executed, so the fetched remote code can directly control execution.