Skills
skills/ascend-ai-coding/awesome-ascend-skills/torch_npu/Snyk

torch_npu

Warn

Audited by Snyk on Mar 1, 2026

Risk Level: MEDIUM
Full Analysis

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.80). This skill's MCP tool (mcp/index.js) and SKILL.md explicitly fetch and ingest public, user-hosted documentation from GitCode (https://gitcode.com/Ascend/pytorch) and instruct the agent to read those fetched docs (via fetch_torch_npu_doc / fetch_torch_npu_docs_batch) to answer questions, which means untrusted third-party content can influence the agent's decisions and actions.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 1, 2026, 11:02 AM