vllm-ascend

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's workflow explicitly loads models by public IDs (e.g., "Qwen/Qwen2.5-7B-Instruct" in SKILL.md and references/deployment.md) and passes trust_remote_code (see scripts/benchmark.py and scripts/deploy_service.sh using LLM(..., trust_remote_code=True) and the --trust-remote-code flag), which causes the agent to fetch and execute untrusted, user-provided code/content from third-party model repositories that can influence runtime behavior.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill explicitly enables remote code execution at runtime (e.g., trust_remote_code=True in scripts and the deploy command uses --trust-remote-code) while referencing remote model repositories such as Qwen/Qwen2.5-7B-Instruct (which map to URLs like https://huggingface.co/Qwen/Qwen2.5-7B-Instruct), meaning the service can fetch and execute arbitrary remote model code at runtime.