atc-model-converter
Warn
Audited by Snyk on Apr 3, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill requires a user-provided "代码仓库地址" (code repository URL or path), and its required workflows (Workflow 1 static analysis and Phase 2 dynamic probing, plus Workflow 4's import/reuse of the repository's preprocess/postprocess code and execution of its probe scripts) instruct the agent to fetch, inspect, import, and execute code from arbitrary public Git repositories. That repository content is untrusted third-party input: instructions embedded in its README, comments, or scripts can steer the agent's tool choices and subsequent actions (indirect prompt injection), and the imported code runs with the agent's privileges on the host.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.80). The skill includes runtime fetch-and-install commands that pull code from remote hosts and run it (e.g., git clone https://gitee.com/ascend/tools.git and wget https://aisbench.obs.myhuaweicloud.com/packet/ais_bench_infer/0.0.2/... followed by pip3 install). These steps are required for inference, and none of them pins what is fetched to a commit hash, package hash, or checksum, so whatever the remote host serves at run time is installed and executed on the host (pip3 install runs the package's installation hooks; the cloned tools are then invoked directly). This is a clear runtime risk: a compromised or substituted artifact at either URL gives the publisher, or anyone who can intercept or replace the download, code execution wherever the skill runs.
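The mitigation a practitioner would want for W012 is to pin every fetched artifact and refuse to install anything that is not pinned. The scanner below is an added example, not Snyk's audit code or any code from the atc-model-converter skill: it applies a simple policy to shell snippets of the kind quoted above (a git clone must be followed by a checkout of a full commit hash, a wget/curl download must be followed by a sha256sum check against a known digest, pip install must use --require-hashes, and nothing may be piped straight into an interpreter) and reports what is unpinned. The sample snippets are constructed; the gitee URL is the one cited in the finding, while the example.invalid host, the example.whl filename, and the commit and digest values are placeholders.

```python
"""Heuristic scanner for unpinned fetch-and-execute commands in skill instructions.

Added example (not Snyk's or the skill's code). Policy checked per command:
  - git clone ...            must be followed by a checkout of a 40-hex commit
  - wget/curl <url>          must be followed by `sha256sum` with a 64-hex digest
  - pip/pip3 install ...     must carry --require-hashes
  - anything | sh/bash/python is always flagged
"""
import hashlib
import hmac
import re
import shlex
from dataclasses import dataclass

GIT_SHA_RE = re.compile(r"\b[0-9a-f]{40}\b")
SHA256_RE = re.compile(r"\b[0-9a-f]{64}\b")
INTERPRETERS = {"sh", "bash", "zsh", "python", "python3"}


@dataclass
class Finding:
    command: str
    reason: str


def parse_commands(snippet):
    """Split a shell snippet into commands on newlines, ';', '&&' and '||'.

    Single '|' pipelines are kept as one command so piped-to-shell is visible.
    """
    commands = []
    for raw in snippet.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()  # drop trailing comments
        if not line:
            continue
        for part in re.split(r"\s*(?:&&|\|\||;)\s*", line):
            if part:
                commands.append(part)
    return commands


def _words(cmd):
    try:
        return shlex.split(cmd)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        return cmd.split()


def scan(snippet):
    """Return a Finding for each command that fetches or installs without a pin."""
    cmds = parse_commands(snippet)
    findings = []
    for i, cmd in enumerate(cmds):
        later = cmds[i + 1:]
        stages = [s.strip() for s in cmd.split("|")]
        last = _words(stages[-1])
        if len(stages) > 1 and last and last[0] in INTERPRETERS:
            findings.append(Finding(cmd, "remote content piped straight into an interpreter"))
            continue
        words = _words(stages[0])
        if words and words[0] == "sudo":
            words = words[1:]
        if not words:
            continue
        tool = words[0]
        if tool == "git" and "clone" in words:
            if not any(GIT_SHA_RE.search(c) for c in later):
                findings.append(Finding(cmd, "git clone not followed by checkout of a full commit hash"))
        elif tool in ("wget", "curl"):
            if not any("sha256sum" in c and SHA256_RE.search(c) for c in later):
                findings.append(Finding(cmd, "download not followed by a sha256sum check against a known digest"))
        elif tool in ("pip", "pip3") and "install" in words:
            if "--require-hashes" not in words:
                findings.append(Finding(cmd, "pip install without --require-hashes"))
    return findings


def verify_sha256(data, expected_hex):
    """Constant-time comparison of an artifact's SHA-256 against the pinned digest."""
    return hmac.compare_digest(hashlib.sha256(data).hexdigest(), expected_hex.lower())


# Constructed snippet modelled on the commands cited in finding W012 (filename is a placeholder).
UNPINNED = """
git clone https://gitee.com/ascend/tools.git
wget https://example.invalid/ais_bench_infer/example.whl
pip3 install example.whl
"""

# Constructed pinned form; commit and digest values are placeholders, not real artifacts.
PINNED = """
git clone https://gitee.com/ascend/tools.git
git -C tools checkout 0123456789abcdef0123456789abcdef01234567
wget https://example.invalid/ais_bench_infer/example.whl
echo "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  example.whl" | sha256sum -c -
pip3 install --require-hashes -r requirements.txt
"""

if __name__ == "__main__":
    for label, snippet in (("unpinned", UNPINNED), ("pinned", PINNED)):
        print(f"{label}: {len(scan(snippet))} finding(s)")
        for f in scan(snippet):
            print(f"  {f.reason}: {f.command}")
```

The pinned form is what a reviewer should ask the skill to ship: a fixed commit rather than a moving branch, a digest recorded next to the download, and a hash-locked requirements file so pip refuses any wheel whose contents differ from the one that was audited. The scanner is deliberately strict (a pip install without --require-hashes is flagged even for a plain package name) because the cost of a false positive here is one extra line in the skill, while a missed unpinned install is remote code execution.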
Issues (2)
W011
MEDIUM Third-party content exposure detected (indirect prompt injection risk).
W012
MEDIUM Unverifiable external dependency detected (runtime URL that controls agent).