vllm-ascend-deploy
Status: Warn
Audited by Snyk on Apr 24, 2026
Risk Level: MEDIUM
Full Analysis
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 1.00). The skill's required "配置发现" (configuration discovery) step in SKILL.md and references/model-discovery.md explicitly instructs the agent to search public third-party sites (e.g., https://gitcode.com/org/vLLM_Ascend/, https://docs.vllm.ai/, https://modelers.cn/), extract deployment configuration from them (container image, tensor-parallel size, startup parameters), and use those findings to decide which deployment actions to take. This exposes the agent to untrusted, user-generated open-web content that can materially influence its tool use: anything published on those pages is read as configuration, so whoever can write to them can steer the deployment.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill explicitly requires fetching and parsing external deployment documentation at runtime (e.g. https://gitcode.com/org/vLLM_Ascend/, https://docs.vllm.ai/projects/vllm-ascend-cn/zh-cn/latest/tutorials/models/, https://modelers.cn/user/vLLM_Ascend) to determine the required configuration and startup commands. Remote content therefore directly controls the agent's instructions, and the dependency is mandatory rather than optional. Because the fetched content is not pinned, hashed or otherwise verified, a change on the remote site changes the agent's behaviour without any change to the skill itself.
MEDIUM W013: Attempt to modify system services in skill instructions.
- Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill automates SSH key setup (configuring passwordless login), creates and starts Docker containers, and creates cron jobs / scheduled agents. These actions modify system and SSH configuration and establish persistent jobs, changing the machine's state and potentially bypassing intended controls; the passwordless SSH trust and the scheduled jobs in particular outlive the deployment run that created them.
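As an added example (not the Snyk audit's own logic and not code from the vllm-ascend-deploy skill), the following Python script applies the three findings' heuristics to a SKILL.md-style file: it flags external URLs the agent is told to consult (W011), flags the subset that the instructions say to fetch, search or parse at runtime (W012), and flags shell lines that set up SSH keys, start restart-always containers or install cron jobs (W013). The sample SKILL.md excerpt, the trusted-host allowlist, the `Finding` type and the keyword and command patterns are constructed assumptions; the URLs are the ones the audit cites.

```python
# Added example, not Snyk's audit logic and not code from the vllm-ascend-deploy
# skill. Static check that applies the W011/W012/W013 heuristics to a SKILL.md.
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed SKILL.md excerpt (assumption) modelled on the audit findings.
# URLs are the ones the audit cites; the wording and commands are invented.
SAMPLE_SKILL_MD = """\
## 配置发现 (configuration discovery)
1. Search https://gitcode.com/org/vLLM_Ascend/ for the model's image, TP size and startup parameters.
2. 查看 https://docs.vllm.ai/projects/vllm-ascend-cn/zh-cn/latest/tutorials/models/ 获取启动命令。
3. Use the values found above to build the docker run command.

## Deploy
ssh-keygen -t ed25519 -N "" -f ~/.ssh/id_ed25519
ssh-copy-id user@npu-host
docker run -d --restart=always --name vllm-ascend "$IMAGE" vllm serve "$MODEL" -tp 4
(crontab -l; echo "*/5 * * * * /opt/check_vllm.sh") | crontab -
"""

URL_RE = re.compile(r"https?://[^\s<>()\"']+")
# Verbs (English and Chinese) that tell the agent to pull the page at runtime and act on it.
FETCH_RE = re.compile(r"\b(?:fetch|curl|wget|download|parse|read|search)\b|查看|搜索|获取", re.I)
# Shell fragments that change SSH trust, install a restarting service, or schedule a job.
SYSTEM_CHANGE_PATTERNS = (
    ("ssh", re.compile(r"ssh-copy-id|authorized_keys|ssh-keygen")),
    ("service", re.compile(r"\bsystemctl\s+(?:enable|start)\b|\bdocker\s+run\b.*\s--restart[= ]")),
    ("cron", re.compile(r"\bcrontab\b|/etc/cron")),
)


@dataclass(frozen=True)
class Finding:
    code: str      # W011, W012 or W013, following the audit's numbering
    line_no: int   # 1-based line in the scanned file
    detail: str


def scan_skill(text: str, trusted_hosts: frozenset[str] = frozenset()) -> list[Finding]:
    """Return findings in file order. trusted_hosts is an operator allowlist
    (assumption): URLs on those hosts are still a runtime dependency (W012) but
    are not counted as third-party content exposure (W011)."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), 1):
        for url in URL_RE.findall(line):
            host = urlparse(url).hostname or ""
            if host not in trusted_hosts:
                findings.append(Finding("W011", n, f"agent directed to third-party content: {url}"))
            if FETCH_RE.search(line):
                findings.append(Finding("W012", n, f"runtime fetch controls agent instructions: {url}"))
        for kind, rx in SYSTEM_CHANGE_PATTERNS:
            if rx.search(line):
                findings.append(Finding("W013", n, f"{kind} change: {line.strip()}"))
    return findings


def codes_by_line(findings: list[Finding]) -> dict[int, list[str]]:
    """Group finding codes by line number, handy for a reviewer's summary."""
    grouped: dict[int, list[str]] = {}
    for f in findings:
        grouped.setdefault(f.line_no, []).append(f.code)
    return grouped


if __name__ == "__main__":
    for f in scan_skill(SAMPLE_SKILL_MD):
        print(f"{f.code} line {f.line_no}: {f.detail}")
```

Two caveats a practitioner would attach to a check like this: the keyword patterns are deliberately loose, because a false positive in a skill review is cheap and a missed persistence step is not, and host allowlisting only narrows W011. The W012 dependency only becomes verifiable if the fetched documentation is pinned, for example by recording a SHA-256 of the page at skill-authoring time and having the skill refuse to act when the runtime copy differs.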
Issues (3)
- W011 MEDIUM: Third-party content exposure detected (indirect prompt injection risk).
- W012 MEDIUM: Unverifiable external dependency detected (runtime URL that controls agent).
- W013 MEDIUM: Attempt to modify system services in skill instructions.
Audit Metadata