huawei-cloud-business-support-query

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). Runtime path: the skill executes local Python scripts (e.g., scripts/bms/list_* and scripts/bms/inquiry_*) that call Huawei Cloud BSS/BMS/ELB/NAT APIs via the vendor SDK and then print/return API response fields (free-form strings like names/descriptions) into the agent’s LLM context; these strings are outsider-authored data from the cloud service, not authored by the operating user.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 0.70). The skill mandates executing an environment check script that installs dependencies and modifies the host environment (auto-creating a venv and potentially performing system installs), which is a state-changing action that may require elevated privileges even though the cloud queries themselves are read-only.