alibabacloud-pds-intelligent-workspace
Warn
Audited by Snyk on Mar 31, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill's document-analysis workflow (references/multianalysis-file.md) and the included script scripts/doc_analysis_formatter.py explicitly download and parse signed URLs (e.g., "https://bucket/...?sign=xxx") returned by PDS analysis results, meaning the agent ingests and acts on untrusted, third-party/user-generated content from arbitrary storage URLs.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill's installation instructions explicitly run a remote install script via curl | bash (https://aliyuncli.alicdn.com/install.sh) and download runtime binaries from https://aliyuncli.alicdn.com/ (e.g., aliyun-cli--latest-.tgz / .zip), which executes remote code during setup and is required for the skill to function.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.80). This skill explicitly guides installing a mount app that involves driver installation and creating scheduled tasks/launchd (system-level changes that modify machine state and likely require elevated privileges), so it pushes the agent toward actions that can compromise the host state.
Issues (3)
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
- W013 (MEDIUM): Attempt to modify system services in skill instructions.