msmodelslim

Warn

Audited by Snyk on Feb 26, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill's documentation and examples explicitly instruct fetching and using external content and remote model code: the SKILL.md installation step runs "git clone https://gitcode.com/Ascend/msmodelslim.git", the Quick Start examples pass --trust_remote_code True, and the security note in references/model-integration.md warns that trust_remote_code may execute code from model weights. As a result, the agent will load and execute untrusted third-party model code, which can materially influence tool behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.80). The skill's install instructions explicitly run remote code (e.g., "git clone https://gitcode.com/Ascend/msmodelslim.git" followed by "bash install.sh"), which fetches and executes repository code at setup or runtime, making it a required external dependency that can execute remote code.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The prompt explicitly instructs running privileged installation steps (e.g., "sudo bash build.sh" and chmod on build files), which asks the agent to perform actions requiring elevated privileges and modify system state.

Audit Metadata

Risk Level: MEDIUM
Analyzed: Feb 26, 2026, 03:18 PM