huawei-cloud-sac-new-api

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.85). The required runtime workflow step “Extract solution info” uses Playwright to open an outsider-authored public Huawei Cloud solution detail page URL and then ingests scraped free text (title/price/link text) from that page into the agent’s JSON/LLM context.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The tf template URL https://documentation-samples.obs.cn-north-4.myhuaweicloud.com/solution-as-code-publicbucket/solution-as-code-moudle/building-a-newapi-llm-gateway/building-a-newapi-llm-gateway.tf.json is fetched at runtime by download_tf_template_file.py and supplies Terraform JSON (remote code) that the workflow depends on and may be executed via terraform apply.