alayarenderer-generative-world

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.80). The SKILL.md explicitly requires cloning a third‑party GitHub repo (git clone https://github.com/ShandaAI/AlayaRenderer.git) and downloading model checkpoints from public Hugging Face accounts (e.g., Brian9999/world_inverse_renderer, Brian9999/stylerenderer) as part of its required installation and runtime steps (run_inverse.py, inference_gbuffer_caption.py), so untrusted, user-hosted code and weights are fetched and executed and could therefore inject or change instructions/behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill instructs to run git clone --recurse-submodules https://github.com/ShandaAI/AlayaRenderer.git and then execute Python scripts from the cloned repo (and its DiffSynth-Studio submodule), so remote code is fetched at install/runtime and executed, making that URL a required runtime dependency.