alibabacloud-pds-multimodal-search

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The skill's analysis workflow and scripts (references/multianalysis-file.md and scripts/doc_analysis_formatter.py / scripts/ppt_extraction.py) explicitly download and parse signed URLs (JSON, images) returned by the PDS analysis results—these are user-generated/untrusted content fetched at runtime and the agent reads and acts on their contents to format outputs and drive further processing, enabling potential indirect prompt injection.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill's installation steps include a runtime command that fetches and executes remote code (curl -fsSL https://aliyuncli.alicdn.com/install.sh | bash) to install the required Aliyun CLI, so the URL https://aliyuncli.alicdn.com/install.sh is a high-confidence external dependency that executes remote code and is required for the skill.