npu-adapter-reviewer

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Phase 1 "获取源代码" explicitly instructs the agent to clone and analyze arbitrary GitHub repositories (git clone <repo_url>) or user-provided repo URLs/paths, meaning it will fetch and read untrusted public third‑party code/docs that directly drive adaptation actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill includes runtime installation commands that fetch and execute remote code (e.g., wget https://ascend-repo.obs.cn-east-2.myhuaweicloud.com/CANN/7.0/Ascend-cann-toolkit_7.0.RC1_linux-x86_64.run and git clone https://gitee.com/ascend/pytorch.git then running installers), so these external URLs are required dependencies that will execute remote code during runtime.