ace-step

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill's Route 2 (ACE Step audio-inpaint) and Route 3 (ACE Step audio-outpaint) explicitly accept arbitrary HTTPS audio URLs via the "audio" field in SKILL.md, fetch and ingest that untrusted third-party content, and the doc even warns that such source audio can contain steganographic instructions that may influence generation.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.70). The skill accepts user-supplied HTTPS audio URLs (e.g., https://your-cdn.example/original-track.mp3) that are fetched at runtime for the audio-inpaint/audio-outpaint endpoints and can directly influence model output (possible steganographic/indirect prompt injection), and those URLs are a required input for those routes.