acestep-docs
Warn
Audited by Snyk on Feb 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.80). The skill's required install and runtime workflow (e.g., getting-started/README.md and ABOUT.md) explicitly instructs automatic/manual downloads from public third-party hubs (HuggingFace, ModelScope, files.acemusic.ai and linked Spaces/Discord), which are untrusted/user-hosted sources whose content (models/examples) the system ingests and that can materially change model behavior and subsequent actions.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill documentation includes setup commands that fetch and execute remote code at runtime—e.g., "curl -LsSf https://astral.sh/uv/install.sh | sh" and the PowerShell equivalent (https://astral.sh/uv/install.ps1), as well as remote downloads of packaged binaries like https://files.acemusic.ai/acemusic/win/ACE-Step-1.5.7z—which are required for installation and will execute code, so they present a clear runtime external-code-execution dependency.